BloodyAv is a custom shellcode loader built to bypass AV and EDR.
```text
usage: BloodyAV.py [-h] [-p explorer.exe] [-m QueueUserAPC] [-nr] [-v] [-d] [-o output.exe] file

Mr.N1K0'S CUSTOM SHELLCODE LOADER FOR WINDOWS DEFAULT PROCESS

positional arguments:
  file                  File that containing raw shellcode

options:
  -h, --help            show this help message and exit
  -p explorer.exe, --process explorer.exe
                        Process to inject into
  -m QueueUserAPC, --method QueueUserAPC
                        Method for shellcode execution ( Method: QueueUserAPC, RemoteThreadContext, CurrentThread) (Recommended:QueueUserAPC)
  -nr, --no-randomize   Disable syscall name randomization
  -v, --verbose         Enable debugging messages upon execution and show more Info
  -d, --dll-sandbox     Use DLL based sandbox checks instead of the standard ones
  -o output.exe, --outfile output.exe
                        Name of output file
```
- Many loading modes: 13 loading modes for 32-bit and 12 loading modes for 64-bit.
- Extensible: if a new loading technique is found, you can develop a template for it following the specified method.
- Shellcode is encrypted automatically. Loaders built from the same shellcode have different MD5 hashes, because the generator seeds its random number generator with the current time to produce a fresh 128-bit encryption key each run.
- XOR encryption with dynamic key generation.
- Sandbox evasion via loaded DLL enumeration.
- Sandbox evasion via checking processors, memory, and time.
- You can also add your own system calls in the SystemCall.h file for further customization.
```bash
git clone https://github.com/MRNIKO1/BloodyAv.git
sudo apt install mingw-w64 python3 python3-pip
pip3 install colorama
cd BloodyAv
python3 BloodyAV.py -h
```
- Because of the sandbox-evasion checks, the generated executable takes some time before it calls back to your C2.
- The -p flag only works with Windows default executables and with a process that is already running (explorer.exe, calc.exe, notepad.exe, etc.).
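From the defender's side, every execution method the loader offers (QueueUserAPC, RemoteThreadContext, CurrentThread) first has to write the decrypted shellcode into the target process named with -p, which surfaces as a cross-process handle open carrying PROCESS_VM_WRITE and PROCESS_VM_OPERATION (Sysmon Event ID 10, ProcessAccess). The detection sketch below is an added example, not part of the BloodyAv project; the event records, the allow-list of source images, and the watched target names are constructed assumptions that would be tuned per environment.

```python
"""Flag Sysmon Event ID 10 (ProcessAccess) records where a non-allow-listed
source opens a watched target with the rights needed to write shellcode into it.
The sample events below are constructed, not real telemetry."""

PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
# Memory-write prerequisite shared by every remote injection method.
WRITE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Default Windows processes that the loader's -p option targets.
WATCHED_TARGETS = {"explorer.exe", "notepad.exe", "calc.exe"}
# Assumption: sources that legitimately hold such handles (tune per estate).
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\lsass.exe",
}

# Constructed Sysmon-style records (SourceImage, TargetImage, GrantedAccess).
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Users\bob\Downloads\output.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Program Files\Tool\tool.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Users\bob\AppData\Local\Temp\x.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x0028"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def has_write_rights(granted_access):
    """True if the hex access mask includes both VM_OPERATION and VM_WRITE."""
    mask = int(granted_access, 16)
    return mask & WRITE_RIGHTS == WRITE_RIGHTS


def flag_process_access(events):
    """Return (source, target) pairs that match the injection pattern."""
    hits = []
    for ev in events:
        src, tgt = ev["SourceImage"], ev["TargetImage"]
        if basename(tgt) not in WATCHED_TARGETS:
            continue  # not a watched injection target
        if src.lower() in ALLOWED_SOURCES:
            continue  # known-good source, skip
        if has_write_rights(ev["GrantedAccess"]):
            hits.append((src, tgt))
    return hits
```

Event 10 does not record thread handles, so the APC-specific THREAD_SET_CONTEXT right is not visible here; the memory-write rights are the common denominator worth alerting on and then correlating with image-load and network telemetry.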