Skip to content
/ BloodyAv Public

BloodyAv is Custom Shell Code loader to Bypass Av and Edr.

License

Notifications You must be signed in to change notification settings

zha0/BloodyAv

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 

Repository files navigation

BloodyAv

BloodyAv is Custom Shell Code loader to Bypass Av and Edr.

 ▄▄▄▄       ██▓        ▒█████      ▒█████     ▓█████▄    ▓██   ██▓    ▄▄▄          ██▒   █▓
▓█████▄    ▓██▒       ▒██▒  ██▒   ▒██▒  ██▒   ▒██▀ ██▌    ▒██  ██▒   ▒████▄       ▓██░   █▒
▒██▒ ▄██   ▒██░       ▒██░  ██▒   ▒██░  ██▒   ░██   █▌     ▒██ ██░   ▒██  ▀█▄      ▓██  █▒░
▒██░ █▀    ▒██░       ▒██   ██░   ▒██   ██░   ░▓█▄   ▌     ░ ▐██▓░   ░██▄▄▄▄██      ▒██ █░░
░▓█  ▀█▓   ░██████▒   ░ ████▓▒░   ░ ████▓▒░   ░▒████▓      ░ ██▒▓░    ▓█   ▓██▒      ▒▀█░  
░▒▓███▀▒   ░ ▒░▓  ░   ░ ▒░▒░▒░    ░ ▒░▒░▒░     ▒▒▓  ▒      ░██▒▒▒     ▒▒   ▓▒█░      ░ ▐░  
▒░▒   ░    ░ ░ ▒  ░   ░ ░ ▒ ▒░    ░ ░ ▒ ▒░     ░ ▒  ▒     ▓██ ░▒░      ▒   ▒▒ ░      ░ ░░  
 ░    ░      ░ ░  ░   ░ ░ ░ ▒     ░ ░ ░ ▒      ░ ░  ░     ▒ ▒ ░░       ░   ▒  ░        ░░  
 ░             ░  ░       ░ ░         ░ ░        ░  ░     ░ ░          ░   ░  ░         ░  
 ░                                      ░        ░  ░                         ░         ░




usage: BloodyAV.py [-h] [-p explorer.exe] [-m QueueUserAPC] [-nr] [-v] [-d] [-o output.exe] file

Mr.N1K0'S CUSTOM SHELLCODE LOADER FOR WINDOWS DEFAULT PROCESS

positional arguments:
  file                  File that containing raw shellcode

options:
  -h, --help            show this help message and exit
  -p explorer.exe, --process explorer.exe
                        Process to inject into
  -m QueueUserAPC, --method QueueUserAPC
                        Method for shellcode execution ( Method: QueueUserAPC, RemoteThreadContext, CurrentThread) (Recommended:QueueUserAPC)
  -nr, --no-randomize   Disable syscall name randomization
  -v, --verbose         Enable debugging messages upon execution and show more Info
  -d, --dll-sandbox     Use DLL based sandbox checks instead of the standard ones
  -o output.exe, --outfile output.exe
                        Name of output file

Features

  1. It has many loading modes. There are 13 loading modes in 32 bits and 12 loading modes in 64 bits.
  2. Support development. If a new attack means is found, you can develop template according to the specified method.
  3. Shellcode is automatically encrypted.The md5 of loaders that come from the same shellcode are different,because the generator uses time as seed to randomly generate 128-bit keys for encryption.
  4. XOR Encryption with Dynamic Key Generation
  5. Sandbox Evasion via Loaded DLL Enumeration
  6. Sandbox Evasion via Checking Processors, Memory, and Time
  7. You Can Also Add Your Own SystemCall in SystemCall.h File For Some Kind Of Customization.

installation

git clone https://github.com/MRNIKO1/BloodyAv.git

sudo apt install mingw-w64 python3 python3-pip

pip3 install colorama

cd BloodyAv

python3 BloodyAV.py -h 

Note

  1. For SandBox Evasion When you Run your Exe It will Take Some Time To Call Back To Your C2.
  2. -P Flag Will Only Work With Default PE Of Windows And For Running Process Like (explorer.exe, calc.exe, notepad.exe, etc)

Ref

About

BloodyAv is Custom Shell Code loader to Bypass Av and Edr.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published