
How would I use Coldfire to write an AV evasion program in Go?

A bit of background: I am a pentester who is looking for new ways to get around AV detection during tests / bounties, and I recently found the Go library "Coldfire" on GitHub. I am new to Go, so I was wondering how I would structure a project with this package.

It doesn't give many instructions except the funcs that it uses, and I am coming from Python.

https://github.com/redcode-labs/Coldfire

If anyone can give me some tips: I am trying to write an AV evasion program that will kill AV processes and possibly disable a WAF.

You don't have to give me full code or anything, I would just like some examples on how to use the package, is all. Thank you so much, and please excuse my lack of knowledge. I love Go but am very new to it and am trying to learn it as it relates to my profession.

Not really interested in Disruptive functions, but with the recent outbreak in Go malware I would love to understand how malicious attackers use those functions too, if possible.

I imported the library, but it kept giving me an error saying I wasn't using the package, even though I had implemented some of the functions to see what they did.

Not sure what goes in said func, like:

func PkillAv()

Not sure what would go in the {} on this one, or if I would even need it.

You would just need to import it at the top of your code, like:

import "github.com/redcode-labs/Coldfire"

You also need to run

go mod tidy

to download this package.

After that you can use the functions provided in the package. There is no "structure" that you need to manually create.
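To make the answer's last point concrete, here is an added example (not code from the original post and not Coldfire's own implementation). The asker's `func PkillAv()` declaration is the library's side of the picture; the program you write is only the caller: import the package, call its exported function with the package qualifier, check the returned error. Note that the qualifier is the name in the package's `package` clause, which need not match the capitalised last element of the import path. Because this example is meant to run offline without fetching the module, the exported function lives in the same file as the caller. The function and helper names (`MatchingPIDs`, `fakeProc`) and the process list are assumptions constructed for the example. It performs only the read-only half of what a kill-by-name helper has to do on Linux (walk `/proc`, compare each process's `comm` against a list) and runs against a constructed fake `/proc` directory, so it never touches or signals a real process.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// MatchingPIDs walks a /proc-style directory and returns the PIDs whose
// "comm" file (the process name as the Linux kernel reports it) matches one
// of the names in targets. Matching is case-insensitive and ignores a ".exe"
// suffix so a Windows-style name in a list still matches. Nothing is
// signalled: this is the enumeration step only. (Added example, not
// Coldfire's implementation; the name is an assumption.)
func MatchingPIDs(procDir string, targets []string) ([]int, error) {
	want := make(map[string]bool, len(targets))
	for _, t := range targets {
		want[normalize(t)] = true
	}
	entries, err := os.ReadDir(procDir) // sorted by name, so PIDs come back in name order
	if err != nil {
		return nil, fmt.Errorf("read %s: %w", procDir, err)
	}
	var pids []int
	for _, e := range entries {
		pid, err := strconv.Atoi(e.Name())
		if err != nil || !e.IsDir() {
			continue // /proc also holds cpuinfo, meminfo, ...: not processes
		}
		comm, err := os.ReadFile(filepath.Join(procDir, e.Name(), "comm"))
		if err != nil {
			continue // process exited between ReadDir and ReadFile
		}
		if want[normalize(string(comm))] {
			pids = append(pids, pid)
		}
	}
	return pids, nil
}

func normalize(name string) string {
	name = strings.ToLower(strings.TrimSpace(name))
	return strings.TrimSuffix(name, ".exe")
}

// fakeProc builds a constructed /proc lookalike in a temp directory so the
// example runs on any OS and never inspects real processes.
func fakeProc(procs map[int]string) (string, error) {
	dir, err := os.MkdirTemp("", "fakeproc")
	if err != nil {
		return "", err
	}
	for pid, comm := range procs {
		d := filepath.Join(dir, strconv.Itoa(pid))
		if err := os.Mkdir(d, 0o755); err != nil {
			return "", err
		}
		if err := os.WriteFile(filepath.Join(d, "comm"), []byte(comm+"\n"), 0o644); err != nil {
			return "", err
		}
	}
	// A non-process entry like the real /proc has; the walker must skip it.
	_ = os.WriteFile(filepath.Join(dir, "cpuinfo"), []byte("model name: constructed\n"), 0o644)
	return dir, nil
}

func main() {
	// Constructed process table for the demo.
	dir, err := fakeProc(map[int]string{
		1: "systemd", 4242: "clamd", 4300: "bash", 5100: "MsMpEng.exe",
	})
	if err != nil {
		fmt.Println("setup failed:", err)
		os.Exit(1)
	}
	defer os.RemoveAll(dir)

	// The caller's side of the pattern in the answer: call the exported
	// function, check the error, use the result. In a real project the
	// function comes from the imported package and is called with its
	// package qualifier instead of unqualified as here.
	pids, err := MatchingPIDs(dir, []string{"clamd", "msmpeng"})
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Println("matching PIDs:", pids)
}
```

Point `MatchingPIDs` at the real `/proc` on a Linux host and it behaves like `pgrep -x` for the names you pass; the "imported and not used" compile error the asker hit goes away as soon as the program references at least one identifier from the imported package, exactly as `main` here references `MatchingPIDs`.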

Notice: the technical posts on this site are published under the CC BY-SA 4.0 license; if you repost them, please credit this site or the original source.

© 2020-2024 STACKOOM.COM