rzdhop/Erebos-Zero

GitHub: rzdhop/Erebos-Zero

A collection of Windows attack techniques for red team training, bringing together core capabilities such as process injection, EDR bypass and a C2 framework.

Stars: 12 | Forks: 2

```
   _______ _______ ____  ____
  / __/ _ \/ __/ _ )/ __ \/ __/
 / _// , _/ _// _  / /_/ /\ \
/___/_/|_/___/____/\____/___/
                 by : 0xRzdhop
```

## 🕷️ Erebos-Zero

Broadly speaking, the techniques implemented so far include:

```
/loaders
├── shellcode
│   ├── EarlyBird APC injection : Thread queuing before execution
│   └── Process injector (4 levels) : Escalating evasion complexity levels
│       ├── Custom GetProcAddress : Manual EAT/PEB parsing
│       ├── Constantes XORed : String and data obfuscation
│       ├── Indirect syscall : Using legitimate ntdll gadgets
│       ├── Basic Anti-VM : Environment and CPUID checks
│       └── Basic Anti-Debug : PEB and flag monitoring
│
├── dll
│   ├── Basic DLL injection : Standard remote thread loading
│   └── shellcode Reflective DLL injection (sRDI) : Converting DLLs to PIC
│
├── Function stomping injection : Overwriting legitimate function bodies
├── Mapping injection : Shared sections, no WPM
└── Thread hijacking : Redirecting RIP/EIP contexts

/misc
├── PPID Spoofing : Breaking process tree analysis
├── Process Argument Spoofing : Masking CLI in ProcMon
├── IAT Hiding : Hashing imports via DJB2
└── Registry Stager : Fileless shellcode storage

/bypass
├── EDR
│   ├── Direct syscall : Manual SSN transition
│   ├── Indirect syscall : Stealthy return address
│   ├── Halo's Gate : Unhooked neighbor SSN recovery
│   ├── Hell's Gate : Dynamic EAT SSN extraction
│   ├── Dynamic SSN retrieval : Sorting Zw* functions
│   └── VEH AMSI Bypass : Hardware breakpoint interception
│
└── KASLR
    ├── Cache Prefetch side-channel : Timing attack on kernel
    └── NtQuerySystemInformation : System module leak

/C2
├── V.1 (Legacy) : Basic modular beaconing
└── V.2 (Advanced) : High-stealth orchestration
    ├── StealthCall : Unified stack/syscall engine
    ├── Call Stack Spoofing : Synthetic frame reconstruction
    └── PE Loader : Memory-resident EXE execution

/stagers
└── Web Stagers
    └── basic HTTP stager : WinHttp payload fetching
```

## ⚠️ Disclaimer

This project is intended for **research and educational** purposes only. Do not use it on any system without authorization.
Tags: 0day hunting, AMSI bypass, C++, C2 framework, Conpot, DNS reverse lookup, DOM parsing, EDR bypass, Hpfeeds, IAT hiding, KASLR bypass, SSH honeypot, TGT, UML, Windows security, medium/high-interaction honeypot, code obfuscation, side-channel attack, kernel security, anti-VM, anti-debugging, threat detection, security learning resources, security tool development, client-side encryption, malware development, attack and defense exercises, data wiping, EarlyBird injection, system calls, automatic fallback, process argument spoofing, process injection, indirect syscall, high-interaction honeypot