obfuscator
SysWhispers2
obfuscator | SysWhispers2 | |
---|---|---|
5 | 6 | |
3,739 | 1,436 | |
- | - | |
0.0 | 0.0 | |
7 months ago | over 1 year ago | |
Assembly | ||
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
obfuscator
-
Obfuscating WebAssembly using Emscripten with an LLVM-based obfuscator
Seeing as there are no WebAssembly obfuscators, I decided to try to build Emscripten with an LLVM-based obfuscator. Specifically, I built it using Hikari, which is based on the obfuscator-llvm project. This was built for research purposes and may not be practical in real-world scenarios, but I thought I'd share it here anyways!
-
Valve bans 40.000 dota2 accounts using honeypot patch
Love this topic. I remember Everquest used to checksum areas of memory that were commonly modified from cheats. World of Warcraft used to (possibly still does, it has been forever since I looked at this) inject anti cheat code at runtime.
Obfuscation and deobfuscation is also super interesting. I think overall reverse engineering and figuring out how things work is one of the most interesting things in computer science.
https://github.com/obfuscator-llvm/obfuscator/tree/llvm-4.0/...
https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm...
-
BEST KALI TOOL TO MAKE UNDETECTABLE BACKDOOR 2022?
obsfucator-llvm -- compiler suite that produces obsfucated binaries.
-
A question from a non-cheater
5- Ah, no. https://github.com/obfuscator-llvm/obfuscator/wiki but I see why you said that, I didn't mean to use shitty app to make your code harder to read, I apologise I meant changing the actual binary, use different opcodes mutate the code, etc.. like llvm obfuscator not this shit. but if I were you I would say the same since I didn't clarify this point.
-
Code obfuscation
the obfuscator-llvm project is a nice place to look at when introducing yourself to some fundamental obfuscation techniques like control-flow flattening and opaque predicates, which operate on top of assembly instructions and what are called basic blocks.
SysWhispers2
-
BEST KALI TOOL TO MAKE UNDETECTABLE BACKDOOR 2022?
syswhispers2 -- tool for helping unhook userland hooks by reimplementing syscalls. Basically just generates a header file; you still have to write the loader yourself.
- Syswhispers2 - AV/EDR evasion via direct system calls.
-
Are the logs from all .evtx and .etl files included with Get-EventLog and Get-WinEvent?
Yes, and based on this table sysmon actually causes additional events to be generated (although I think it is hooking high level APIs, so I think a technique like SysWhispers might cause some of these events to be invisible through Sysmon) so that could be useful even if we're not focused on the GUI. Writing my own ETW consumer / providers is a little advanced for me right now, so that's cool.
-
Can't do exploitation research on a novel unhooking approach without a database of the DLLs for every Windows version. Ideas?
https://github.com/jthuraisamy/SysWhispers2 (one of the more recent infosec "inventions")
-
Obfuscating powershell beacons
If you wanna stay with unmanaged code look into https://github.com/jthuraisamy/SysWhispers2 I'm a noob with native languages so can't say how effective it is. It also has a downside including ASM references to the binary that are unusual and might be detected, not sure on this tho.
- AV/EDR evasion via direct system calls
What are some alternatives?
Caesium - A Java bytecode obfuscator
DInvoke - Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
movfuscator - The single instruction C compiler
inline_syscall - Inline syscalls made easy for windows on clang
Javassist - Java bytecode engineering toolkit
etl-parser - Event Trace Log file parser in pure Python
Hikari-LLVM15 - A fork of Hikari Obfuscator [WIP]
HellsGate - Original C Implementation of the Hell's Gate VX Technique
yGuard - The open-source Java obfuscation tool working with Ant and Gradle by yWorks - the diagramming experts
Shhhloader - Syscall Shellcode Loader (Work in Progress)
MinecraftInjectionAPI - A simple API using MCP deobfuscation mappings helping you to inject mods at runtime
ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.