al-khaser: a powerful tool for testing malware anti-detection techniques


Tool overview

al-khaser is a proof-of-concept "malware" application whose purpose is to stress-test your anti-malware system. It runs a battery of the tricks real malware uses (virtual-machine, emulation, debugger and sandbox detection, among others) so you can see whether your analysis environment stays under its radar: every check that comes back positive is an artifact a real sample could use to detect your sandbox or debugger and change its behaviour.

Features

Anti-debugging attacks

IsDebuggerPresent
CheckRemoteDebuggerPresent
Process Environment Block (BeingDebugged)
Process Environment Block (NtGlobalFlag)
ProcessHeap (Flags)
ProcessHeap (ForceFlags)
Low Fragmentation Heap (LFH)
NtQueryInformationProcess (ProcessDebugPort)
NtQueryInformationProcess (ProcessDebugFlags)
NtQueryInformationProcess (ProcessDebugObject)
WudfIsAnyDebuggerPresent
WudfIsKernelDebuggerPresent
WudfIsUserDebuggerPresent
NtSetInformationThread (HideThreadFromDebugger)
NtQueryObject (ObjectTypeInformation)
NtQueryObject (ObjectAllTypesInformation)
CloseHandle (NtClose) Invalid Handle
SetHandleInformation (Protected Handle)
UnhandledExceptionFilter
OutputDebugString (GetLastError())
Hardware Breakpoints (SEH / GetThreadContext)
Software Breakpoints (INT3 / 0xCC)
Memory Breakpoints (PAGE_GUARD)
Interrupt 0x2d
Interrupt 1
Trap Flag
Parent Process (Explorer.exe)
SeDebugPrivilege (Csrss.exe)
NtYieldExecution / SwitchToThread
TLS callbacks
Process jobs
Memory write watching
Page exception breakpoint detection
API hook detection (module bounds based)
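
To make the first few entries of that list concrete, here is an added example (written for this page, not al-khaser's own code) that implements four of them with documented Windows APIs and the well-known PEB offsets: IsDebuggerPresent, CheckRemoteDebuggerPresent, NtQueryInformationProcess(ProcessDebugPort) and the PEB NtGlobalFlag / BeingDebugged read. When built on a non-Windows host it falls back to reading TracerPid from /proc/self/status (an assumption of Linux procfs; that fallback is not one of al-khaser's checks, it only keeps the example compiling and runnable everywhere). The function names are mine.

```c
/* Added example, not al-khaser's own code: four of the anti-debugging checks
 * listed above. Non-Windows builds use a Linux TracerPid fallback instead
 * (assumption: procfs is mounted); that fallback is not an al-khaser check. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>

/* Just enough of PROCESS_BASIC_INFORMATION to reach PebBaseAddress. */
typedef struct {
    PVOID     Reserved1;
    PVOID     PebBaseAddress;
    PVOID     Reserved2[2];
    ULONG_PTR UniqueProcessId;
    PVOID     Reserved3;
} PBI;

typedef LONG (WINAPI *NtQIP_t)(HANDLE, ULONG, PVOID, ULONG, PULONG);

static NtQIP_t get_ntqip(void)
{
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    return ntdll ? (NtQIP_t)GetProcAddress(ntdll, "NtQueryInformationProcess") : NULL;
}

/* Check 1: IsDebuggerPresent, which simply returns PEB->BeingDebugged. */
int check_is_debugger_present(void)
{
    return IsDebuggerPresent() ? 1 : 0;
}

/* Check 2: CheckRemoteDebuggerPresent asks the kernel rather than the PEB,
 * so clearing BeingDebugged in memory does not hide the debugger from it. */
int check_remote_debugger_present(void)
{
    BOOL present = FALSE;
    return (CheckRemoteDebuggerPresent(GetCurrentProcess(), &present) && present) ? 1 : 0;
}

/* Check 3: NtQueryInformationProcess(ProcessDebugPort = 7); a non-zero
 * value (it is -1 in practice) means a debug port is attached. */
int check_debug_port(void)
{
    NtQIP_t fn = get_ntqip();
    DWORD_PTR port = 0;
    if (!fn) return 0;
    return (fn(GetCurrentProcess(), 7, &port, sizeof(port), NULL) == 0 && port != 0) ? 1 : 0;
}

/* Check 4: PEB->NtGlobalFlag (offset 0xBC on x64, 0x68 on x86). A process
 * created under a debugger gets FLG_HEAP_ENABLE_TAIL_CHECK (0x10),
 * FLG_HEAP_ENABLE_FREE_CHECK (0x20) and FLG_HEAP_VALIDATE_PARAMETERS (0x40).
 * The same PEB read also covers BeingDebugged at offset 2. */
int check_nt_global_flag(void)
{
    NtQIP_t fn = get_ntqip();
    PBI pbi;
    const unsigned char *peb;
    ULONG flag;
    if (!fn || fn(GetCurrentProcess(), 0 /* ProcessBasicInformation */,
                  &pbi, sizeof(pbi), NULL) != 0)
        return 0;
    peb = (const unsigned char *)pbi.PebBaseAddress;
#ifdef _WIN64
    flag = *(const ULONG *)(peb + 0xBC);
#else
    flag = *(const ULONG *)(peb + 0x68);
#endif
    return ((flag & 0x70) == 0x70 || peb[2] != 0) ? 1 : 0;
}

/* 1 if any of the four checks fires, 0 otherwise. */
int debugger_present(void)
{
    return check_is_debugger_present() | check_remote_debugger_present()
         | check_debug_port() | check_nt_global_flag();
}

#else /* non-Windows fallback (assumption: Linux procfs), not an al-khaser check */

/* Return the TracerPid value from a /proc/<pid>/status text, 0 if absent. */
long tracer_pid_from_status(const char *status_text)
{
    const char *line = status_text;
    while (line && *line) {
        if (strncmp(line, "TracerPid:", 10) == 0)
            return strtol(line + 10, NULL, 10);   /* skips the tab */
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* 1 if some process is ptrace-attached to us, 0 otherwise. */
int debugger_present(void)
{
    char buf[4096];
    size_t n;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf) != 0 ? 1 : 0;
}
#endif
```

Run the Windows build once normally and once under x64dbg or WinDbg: all four checks report the debugger, and the usual "patch BeingDebugged" plugin trick silences only the first. The NtGlobalFlag check only fires when the process was created by the debugger, not when a debugger attaches later, which is why al-khaser runs both families of checks.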

Anti-analysis (detects the following tools running)

OllyDBG / ImmunityDebugger / WinDbg / IDA Pro / x64dbg / Cheat Engine
SysInternals Suite tools (Process Explorer / Process Monitor / Regmon / Filemon, TCPView, Autoruns)
Wireshark / Dumpcap / Fiddler / HTTP Debugger
ProcessHacker / SysAnalyzer / HookExplorer / SysInspector
ImportREC / PETools / LordPE
JoeBox Sandbox
Resource Hacker
Frida
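
The check behind that list is a process-name block list: enumerate every running process and compare its image name, case-insensitively, with known analysis tools. The following added example (written for this page, not al-khaser's code) shows that logic with an illustrative subset of executable names that I have assumed; al-khaser's real list is longer and lives in the project. Enumeration uses a Toolhelp32 snapshot on Windows (build without -DUNICODE so the ANSI PROCESSENTRY32 is used) and /proc/<pid>/comm elsewhere (assumption: Linux procfs); the matching code is shared.

```c
/* Added example, not al-khaser's code: analysis-tool detection by process
 * image name. ANALYSIS_TOOLS is an assumed, illustrative subset. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#else
#include <dirent.h>
#endif

static const char *ANALYSIS_TOOLS[] = {
    "ollydbg.exe", "immunitydebugger.exe", "windbg.exe", "ida64.exe",
    "x32dbg.exe", "x64dbg.exe", "procexp.exe", "procmon.exe", "tcpview.exe",
    "autoruns.exe", "wireshark.exe", "dumpcap.exe", "fiddler.exe",
    "processhacker.exe", "importrec.exe", "lordpe.exe", "resourcehacker.exe"
};

/* Case-insensitive equality: Windows file names are case-insensitive and
 * different enumeration APIs report them in different case. */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Strip any directory prefix so "C:\Tools\x64dbg.exe" matches "x64dbg.exe". */
static const char *basename_of(const char *path)
{
    const char *s = strrchr(path, '\\');
    const char *u = strrchr(path, '/');
    if (u && (!s || u > s)) s = u;
    return s ? s + 1 : path;
}

/* 1 if image_name is on the block list, 0 otherwise. */
int is_analysis_tool(const char *image_name)
{
    const char *name = basename_of(image_name);
    size_t i;
    for (i = 0; i < sizeof(ANALYSIS_TOOLS) / sizeof(ANALYSIS_TOOLS[0]); i++)
        if (ieq(name, ANALYSIS_TOOLS[i])) return 1;
    return 0;
}

/* Number of running processes whose image name is on the block list. */
#ifdef _WIN32
int count_running_analysis_tools(void)
{
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe;
    int hits = 0;
    if (snap == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof(pe);
    if (Process32First(snap, &pe)) {
        do {
            if (is_analysis_tool(pe.szExeFile)) hits++;
        } while (Process32Next(snap, &pe));
    }
    CloseHandle(snap);
    return hits;
}
#else
int count_running_analysis_tools(void)
{
    DIR *proc = opendir("/proc");
    struct dirent *d;
    int hits = 0;
    if (!proc) return 0;
    while ((d = readdir(proc)) != NULL) {
        char path[64], comm[256];
        FILE *f;
        if (!isdigit((unsigned char)d->d_name[0])) continue;   /* PIDs only */
        snprintf(path, sizeof(path), "/proc/%s/comm", d->d_name);
        f = fopen(path, "r");
        if (!f) continue;                                      /* process exited */
        if (fgets(comm, sizeof(comm), f)) {
            comm[strcspn(comm, "\n")] = '\0';
            if (is_analysis_tool(comm)) hits++;
        }
        fclose(f);
    }
    closedir(proc);
    return hits;
}
#endif
```

The practical consequence for a sandbox operator is that renaming analysis tools (or, more robustly, filtering what process enumeration returns to the sample) defeats this whole category; a sample that finds procmon.exe or x64dbg.exe running will simply behave benignly.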

And more; see the project for the full list.

Download

https://github.com/LordNoteworthy/al-khaser

Source: Hack分享吧 (republished by 黑白之道)
