Giters

timwhitez / Doge-BlockDLLs

Preventing 3rd Party DLLs from Injecting into your Malware

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Doge-BlockDLLs

Preventing 3rd Party DLLs from Injecting into your Malware

ACG(Arbitrary Code Guard)的方式采用cgo实现,dynamic code prohibit未能成功实现

Ref

https://www.ired.team/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-processes

https://blog.xpnsec.com/protecting-your-malware/

https://3gstudent.github.io/Cobalt_Strike%E7%9A%84blockdlls%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90

etc

  1. 开源的样本大部分可能已经无法免杀,需要自行修改

  2. 我认为基础核心代码的开源能够帮助想学习的人

  3. 本人从github大佬项目中学到了很多

  4. 若用本人项目去进行:HW演练/红蓝对抗/APT/黑产/恶意行为/违法行为/割韭菜,等行为,本人概不负责,也与本人无关

  5. 本人已不参与大小HW活动的攻击方了,若溯源到timwhite id与本人无关

About

Preventing 3rd Party DLLs from Injecting into your Malware

Languages

Language:Go 100.0%