上传   管理   搜索   留言
Pudn.com > 下载中心  > 区块链开发  > ProtectMyTooling
ProtectMyTooling
下载(0) 赞(639) 踩(0) 评论(0) 收藏(0)
所属分类:区块链开发
开发工具:PowerShell
文件大小:47177KB
下载次数:0
上传日期:2023-04-04 10:49:37
上 传 者sh-1993
说明:  ProtectMyTooling,多包装器包装器,让我们菊花链各种包装器、模糊器和其他面向红队的武器。羽毛,
(Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with your implant, it does a lot of sneaky things and spits out obfuscated executable. ,)
文件列表:
CobaltStrike (0, 2023-04-04)
CobaltStrike\ProtectMyTooling.cna (37119, 2023-04-04)
CobaltStrike\cobaltProtectMyTooling.py (9815, 2023-04-04)
ProtectMyTooling.py (19298, 2023-04-04)
ProtectMyToolingGUI.pyw (24728, 2023-04-04)
RedBackdoorer.py (52257, 2023-04-04)
RedWatermarker.py (30424, 2023-04-04)
config (0, 2023-04-04)
config\ProtectMyTooling.yaml (4531, 2023-04-04)
config\sample-full-config.yaml (10134, 2023-04-04)
contrib (0, 2023-04-04)
contrib\AsStrongAsFuck (0, 2023-04-04)
contrib\AsStrongAsFuck\AsStrongAsFuck.exe (570880, 2023-04-04)
contrib\AtomPePacker (0, 2023-04-04)
contrib\AtomPePacker\Hasher.exe (11264, 2023-04-04)
contrib\AtomPePacker\Modules (0, 2023-04-04)
contrib\AtomPePacker\Modules\DllPP64Stub.dll (25600, 2023-04-04)
contrib\AtomPePacker\Modules\PP64Stub.exe (24576, 2023-04-04)
contrib\AtomPePacker\PePacker.exe (44544, 2023-04-04)
contrib\CallObf (0, 2023-04-04)
contrib\CallObf\cobf64.exe (307712, 2023-04-04)
contrib\CallObf\cobf86.exe (241664, 2023-04-04)
contrib\ConfuserEx (0, 2023-04-04)
contrib\ConfuserEx\active-mkaring (0, 2023-04-04)
contrib\ConfuserEx\active-mkaring\CommonServiceLocator.dll (9728, 2023-04-04)
contrib\ConfuserEx\active-mkaring\Confuser.CLI.exe (14336, 2023-04-04)
contrib\ConfuserEx\active-mkaring\Confuser.CLI.exe.config (171, 2023-04-04)
contrib\ConfuserEx\active-mkaring\Confuser.Core.dll (194048, 2023-04-04)
contrib\ConfuserEx\active-mkaring\Confuser.DynCipher.dll (47616, 2023-04-04)
contrib\ConfuserEx\active-mkaring\Confuser.Protections.dll (153600, 2023-04-04)
contrib\ConfuserEx\active-mkaring\Confuser.Renamer.dll (352768, 2023-04-04)
contrib\ConfuserEx\active-mkaring\Confuser.Runtime.dll (46080, 2023-04-04)
contrib\ConfuserEx\active-mkaring\ConfuserEx.exe (278528, 2023-04-04)
contrib\ConfuserEx\active-mkaring\ConfuserEx.exe.config (582, 2023-04-04)
contrib\ConfuserEx\active-mkaring\GalaSoft.MvvmLight.Extras.dll (21504, 2023-04-04)
contrib\ConfuserEx\active-mkaring\GalaSoft.MvvmLight.Platform.dll (13824, 2023-04-04)
contrib\ConfuserEx\active-mkaring\GalaSoft.MvvmLight.dll (30208, 2023-04-04)
... ...
![1.png](https://github.com/mgeeky/ProtectMyTooling/blob/master/images/1.png) # Don't Detect Tools - Detect Techniques Rationale behind releasing this software was outlined in an acompanying blog post: - [ProtectMyTooling - Don't detect tools, detect techniques](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://mgeeky.tech/protectmytooling/) ## Intro Script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, **helping watermark your artifacts, collect IOCs, backdoor and more**. **ProtectMyToolingGUI.py** ![3.png](https://github.com/mgeeky/ProtectMyTooling/blob/master/images/3.png) With `ProtectMyTooling` you can quickly obfuscate your binaries without having to worry about clicking through all the Dialogs, interfaces, menus, creating projects to obfuscate a single binary, clicking through all the options available and wasting time about all that nonsense. It takes you straight to the point - to obfuscate your tool. Aim is to offer the most convenient interface possible and allow to leverage _a daisy-chain of multiple packers_ combined on a single binary. That's right - we can launch `ProtectMyTooling` with several packers at once: ``` C:\> py ProtectMyTooling.py hyperion,upx mimikatz.exe mimikatz-obf.exe ``` The above example will firstly pass `mimikatz.exe` to the Hyperion for obfuscation, and then the result will be provided to UPX for compression. Resulting with `UPX(Hyperion(file))` ## Features - Supports multiple different PE Packers, .NET Obfuscators, Shellcode Loaders/Builders - Allows daisy-chaining packers where output from a packer is passed to the consecutive one: `callobf,hyperion,upx` will produce artifact `UPX(Hyperion(CallObf(file)))` - Collects IOCs at every obfuscation step so that auditing & Blue Team requests can be satisfied - Offers functionality to inject custom Watermarks to resulting PE artifacts - in DOS Stub, Checksum, as a standalone PE Section, to file's Overlay - Comes up with a handy Cobalt Strike aggressor script bringing `protected-upload` and `protected-execute-assembly` commands - Straightforward command line usage ## Installation **This tool was designed to work on Windows, as most packers natively target that platform.** Some features may work however on Linux just fine, nonetheless that support is not fully tested, please report bugs and issues. 1. First, **disable your AV** and add `contrib` directory to exclusions. That directory contains obfuscators, protectors which will get flagged by AV and removed. 2. Then clone this repository ``` PS C:\> git clone --recurse https://github.com/Binary-Offensive/ProtectMyTooling ``` 3. Actual installation is straightforward: **Windows** ``` PS C:\ProtectMyTooling> .\install.ps1 ``` **Linux** ``` bash# ./install.sh ``` ### Gimmicks For `ScareCrow` packer to run on Windows 10, there needs to be `WSL` installed and `bash.exe` available (in `%PATH%`). Then, in WSL one needs to have `golang` installed in version at least `1.16`: ``` cmd> bash bash$ sudo apt update ; sudo apt upgrade -y ; sudo apt install golang=2:1.18~3 -y ``` ## Configuration To plug-in supported obfuscators, change default options or point **ProtectMyTooling** to your obfuscator executable path, you will need to adjust `config\ProtectMyTooling.yaml` configuration file. There is also `config\sample-full-config.yaml` file containing all the available options for all the supported packers, serving as reference point. ## Friendly reminder - If your produced binary crashes or doesn't run as expected - try using different packers chain. - Packers don't guarantee stability of produced binaries, therefore ProtectMyTooling cannot as well. - While chaining, carefully match output->input payload formats according to what consecutive packer expects. --- ## Usage Before `ProtectMyTooling`'s first use, it is essential to adjust program's YAML configuration file `ProtectMyTooling.yaml`. The order of parameters processal is following: - Firstly default parameters are used - Then they're overwritten by values coming from YAML - Finally, whatever is provided in command line will overwrite corresponding values There, supported packer paths and options shall be set to enable. ### Scenario 1: Simple ConfuserEx obfuscation Usage is very simple, all it takes is to pass the name of obfuscator to choose, input and output file paths: ``` C:\> py ProtectMyTooling.py confuserex Rubeus.exe Rubeus-obf.exe ::::::::::.:::::::.. ... :::::::::::.,:::::: .,-:::::::::::::::: `;;;```.;;;;;;``;;;; .;;;;;;;;;;;;;;;\''';;;;\'\''',;;;'````;;;;;;;;\'\''' `]]nnn]]' [[[,/[[[' ,[[ \[[, [[ [[cccc [[[ [[ $$$"" $$$$$$c $$$, $$$ $$ $$"""" $$$ $$ 888o 888b "88bo"888,_ _,88P 88, 888oo,_`88bo,__,o, 88, . YMMMb :.-:.MM ::-. "YMMMMMP" MMM """"YUMMM"YUMMMMMP" MMM ;;,. ;;;';;. ;;;;' [[[[, ,[[[[, '[[,[[[' $$$$$$$$"$$$ c$$" 888 Y88" 888o,8P"` ::::::::::::mM... ... ::: :::::. :::. .,-:::::/ ;;;;;;;;\'''.;;;;;;;. .;;;;;;;. ;;; ;;`;;;;, `;;,;;-'````' [[ ,[[ \[[,[[ \[[,[[[ [[[ [[[[[. '[[[[ [[[[[[/ $$ $$$, $$$$$, $$$$$' $$$ $$$ "Y$c$"$$c. "$$ 88, "888,_ _,88"888,_ _,88o88oo,._888 888 Y88`Y8bo,,,o88o MMM "YMMMMMP" "YMMMMMP"""""YUMMMMM MMM YM `'YMUP"YMM Red Team implants protection swiss knife. Multi-Packer wrapping around multitude of packers, protectors, shellcode loaders, encoders. Mariusz Banach / mgeeky '20-'22, v0.16 [.] Processing x86 file: "\Rubeus.exe" [.] Generating output of ConfuserEx()... [+] SUCCEEDED. Original file size: 417280 bytes, new file size ConfuserEx(): 756224, ratio: 181.23% ``` ### Scenario 2: Simple ConfuserEx obfuscation followed by artifact test One can also obfuscate the file and immediately attempt to launch it (also with supplied optional parameters) to ensure it runs fine with options `-r --cmdline CMDLINE`: ``` C:\> py ProtectMyTooling.py confuserex Rubeus.exe Rubeus-obf.exe -r --cmdline "hash /password:foobar" [...] [.] Processing x86 file: "\Rubeus.exe" [.] Generating output of ConfuserEx()... [+] SUCCEEDED. Original file size: 417280 bytes, new file size ConfuserEx(): 758272, ratio: 181.72% Running application to test it... ______ _ (_____ \ | | _____) )_ _| |__ _____ _ _ ___ | __ /| | | | _ \| ___ | | | |/___) | | \ \| |_| | |_) ) ____| |_| |___ | |_| |_|____/|____/|_____)____/(___/ v2.0.0 [*] Action: Calculate Password Hash(es) [*] Input password : foobar [*] rc4_hmac : BAAC3929FABC9E6DCD32421BA94A84D4 [!] /user:X and /domain:Y need to be supplied to calculate AES and DES hash types! ``` ### Scenario 3: Complex malware obfuscation with watermarking and IOCs collection Below use case takes `beacon.exe` on input and feeds it consecutively into `CallObf` -> `UPX` -> `Hyperion` packers. Then it will inject specified `fooobar` watermark to the final generated output artifact's DOS Stub as well as modify that artifact's checksum with value `0xAABBCCDD`. Finally, ProtectMyTooling will capture all IOCs (md5, sha1, sha256, imphash, and other metadata) and save them in auxiliary CSV file. That file can be used for IOC matching as engagement unfolds. ``` PS> py .\ProtectMyTooling.py callobf,upx,hyperion beacon.exe beacon-obf.exe -i -I operation_chimera -w dos-stub=fooobar -w checksum=0xaabbccdd [...] [.] Processing x*** file: "beacon.exe" [>] Generating output of CallObf()... [.] Before obfuscation file's PE IMPHASH: 17b461a082950fc6332228572138b80c [.] After obfuscation file's PE IMPHASH: 378d9692fe91eb54206e***c224a25f43 [>] Generating output of UPX(CallObf())... [>] Generating output of Hyperion(UPX(CallObf()))... [+] Setting PE checksum to 28***434397 (0xaabbccdd) [+] Successfully watermarked resulting artifact file. [+] IOCs written to: beacon-obf-ioc.csv [+] SUCCEEDED. Original file size: 288256 bytes, new file size Hyperion(UPX(CallObf())): 175616, ratio: 60.92% ``` Produced IOCs evidence CSV file will look as follows: ```csv timestamp,filename,author,context,comment,md5,sha1,sha256,imphash 2022-06-10 03:15:52,beacon.exe,mgeeky@commandoVM,Input File,test,dcd6e13754ee753928744e27e***abd16,2***de19d4a***7d87ac83f5d2d78338121ddb3cb7,0a***768c46831d***c5667d26dc731408a5871accefd38806b2709c66cd9d21e4,17b461a082950fc6332228572138b80c 2022-06-10 03:15:52,y49***1l3.bin,mgeeky@commandoVM,Obfuscation artifact: CallObf(),test,50bbce4c3cc928e274ba15bff0795a8c,15bde0d7fbba1841f7433510fa9aa829f8441aeb,e216cd8205f13a5e3c5320ba7fb88a3dbb6f53ee8490aa8b4e1baf2c6684d27b,378d9692fe91eb54206e***c224a25f43 2022-06-10 03:15:53,nyu2rbyx.bin,mgeeky@commandoVM,Obfuscation artifact: UPX(CallObf()),test,4d3584f10084cded5c6da7a63d42f758,e4966576bdb67e389ab1562e24079ba9bd565d32,97ba4b17c9bd9c12c06c7ac2dc17428d509b***fc8ca9e88ee2de02c36532be10,9aebf3da4677af9275c461261e5abde3 2022-06-10 03:15:53,beacon-obf.exe,mgeeky@commandoVM,Obfuscation artifact: Hyperion(UPX(CallObf())),test,8b706ff39dd4c8f2b031c8fa6e3c25f5,c***aad468b1ecadada3557cb3f6371e899d59790,087c6353279eb5cf04715ef096a18f83ef8184aa52bc1d5884e33***0028bc365,a46ea633057f9600559d5c6b328bf83d 2022-06-10 03:15:53,beacon-obf.exe,mgeeky@commandoVM,Output obfuscated artifact,test,043318125c60d36e0b745fd38582c0b8,a7717d1c47cbcdf872101bd488e53b8482202f7f,b3cf4311d249d4a***1eb17a33c9b89eff656fff239e0d7bb044074018ec00e20,a46ea633057f9600559d5c6b328bf83d ``` ## Supported Packers `ProtectMyTooling` was designed to support not only Obfuscators/Packers but also all sort of builders/generators/shellcode loaders usable from the command line. At the moment, program supports various Commercial and Open-Source packers/obfuscators. Those Open-Source ones are bundled within the project. Commercial ones will require user to purchase the product and configure its location in `ProtectMyTooling.yaml` file to point the script where to find them. 1. [`Amber`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/EgeBalci/amber) - Reflective PE Packer that takes EXE/DLL on input and produces EXE/PIC shellcode 2. [`AtomPePacker`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/ORCx41/AtomPePacker) - A Highly capable Pe Packer 3. [`AsStrongAsFuck`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/Charterino/AsStrongAsFuck) - A console obfuscator for .NET assemblies by Charterino 4. [`CallObfuscator`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/d35ha/CallObfuscator) - Obfuscates specific windows apis with different apis. 5. [`ConfuserEx`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/mkaring/ConfuserEx) - Popular .NET obfuscator, forked from [Martin Karing](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/mkaring) 6. [`Donut`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/TheWover/donut) - Popular PE loader that takes EXE/DLL/.NET on input and produces a PIC shellcode 7. [`Enigma`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://enigmaprotector.com/) - A powerful system designed for comprehensive protection of executable files 8. [`Freeze`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/optiv/Freeze) - Takes input EXE/DLL file and produces output one with cloned certificate, removed Golang-specific IoCs and bloated size. By Matt Eidelberg (@Tyl0us). 9. [`Hyperion`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://nullsecurity.net/tools/binary.html) - runtime encrypter for 32-bit and ***-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter" 10. [`IntelliLock`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://www.eziriz.com/intellilock.htm) - combines strong license security, highly adaptable licensing functionality/schema with reliable assembly protection 11. [`InvObf`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/danielbohannon/Invoke-Obfuscation) - Obfuscates Powershell scripts with `Invoke-Obfuscation` (by Daniell Bohannon) 12. [`LoGiC.NET`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/AnErrupTion/LoGiC.NET) - A more advanced free and open .NET obfuscator using dnlib by AnErrupTion 13. [`Mangle`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/optiv/Mangle) - Takes input EXE/DLL file and produces output one with cloned certificate, removed Golang-specific IoCs and bloated size. By Matt Eidelberg (@Tyl0us). 14. [`MPRESS`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://www.autohotkey.com/mpress/mpress_web.htm) - MPRESS compressor by Vitaly Evseenko. Takes input EXE/DLL/.NET/MAC-DARWIN (x86/x***) and compresses it. 15. [`NetReactor`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://www.eziriz.com/dotnet_reactor.htm) - Unmatched .NET code protection system which completely stops anyone from decompiling your code 16. [`NetShrink`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://www.pelock.com/pl/produkty/netshrink) - an exe packer aka executable compressor, application password protector and virtual DLL binder for Windows & Linux .NET applications. 17. [`Nimcrypt2`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/icyguider/Nimcrypt2) - Generates Nim loader running input .NET, PE or Raw Shellcode. Authored by [(@icyguider)](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://twitter.com/icyguider) 18. [`NimPackt-v1`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/chvancooten/NimPackt-v1) - Takes Shellcode or .NET Executable on input, produces EXE or DLL loader. Brought to you by Cas van Cooten [(@chvancooten)](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://twitter.com/chvancooten) 19. [`NimSyscallPacker`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/S3cur3Th1sSh1t-Sponsors/NimSyscallPacker) - Takes PE/Shellcode/.NET executable and generates robust Nim+Syscalls EXE/DLL loader. Sponsorware authored by [(@S3cur3Th1sSh1t)](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://twitter.com/ShitSecure) 20. [`Packer***`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/jadams/Packer***) - wrapper around John Adams' `Packer***` 21. [`pe2shc`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/hasherezade/pe_to_shellcode) - Converts PE into a shellcode. By yours truly [@hasherezade](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://twitter.com/hasherezade) 22. [`peCloak`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/v-p-b/peCloakCapstone/blob/master/peCloak.py) - A Multi-Pass Encoder & Heuristic Sandbox Bypass AV Evasion Tool 23. [`peresed`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/avast/pe_tools) - Uses _"peresed"_ from **avast/pe_tools** to remove all existing PE Resources and signature _(think of Mimikatz icon)._ 24. [`peunion`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://bytecode77.com/pe-union) - Encrypts executables (x86 or .NET x86/x***), which are decrypted at runtime and executed in-memory 25. [`ScareCrow`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/optiv/ScareCrow) - EDR-evasive x*** shellcode loader that produces DLL/CPL/XLL/JScript/HTA artifact loader 26. [`sgn`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/EgeBalci/sgn) - Shikata ga nai (–) encoder ported into go with several improvements. Takes shellcode, produces encoded shellcode 27. [`SmartAssembly`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://www.red-gate.com/products/dotnet-development/smartassembly/) - obfuscator that helps protect your application against reverse-engineering or modification, by making it difficult for a third-party to access your source code 28. [`sRDI`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://github.com/monoxgas/sRDI) - Convert DLLs to position independent shellcode. Authored by: [Nick Landers, @monoxgas](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://twitter.com/monoxgas) 29. [`Themida`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://www.oreans.com/Themida.php) - Advanced Windows software protection system 30. [`UPX`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://upx.github.io/) - a free, portable, extendable, high-performance executable packer for several executable formats. 31. [`VMProtect`](https://github.com/mgeeky/ProtectMyTooling/blob/master/https://vmpsoft.com/) - protects code by executing it on a virtual machine with non-standard architecture that makes it extremely difficult to analyze and crack the software You can quickly list supported packers using `-L` option (table columns are chosen depending on Terminal width, the wider the more information revealed): ``` C:\> py ProtectMyTooling.py -L [...] Red Team implants protection swiss knife. Multi-Packer wrapping around multitude of packers, protectors, shellcode loaders, encoders. Mariusz Banach / mgeeky '20-'22, v0.16 +----+----------------+-------------+-----------------------+-----------------------------+------------------------+--------------------------------------------------------+ | # | Name | Type | Licensing | Input | Output | Author | +----+----------------+-------------+-----------------------+-----------------------------+------------------------+--------------------------------------------------------+ | 1 | amber | open-source | Shellcode Loader | PE | EXE, Shellcode | Ege Balci | | 2 | asstrongas*** | open-source | .NET Obfuscator | .NET | .NET | Charterino, klezVirus | | 3 | atompepacker | open-source | PE EXE/DLL Protector | PE | EXE, DLL | ORCA (@ORCx41, ORCx41@gmail.com) | | 4 | backdoor | open-source | Shellcode Loader | Shellcode | PE | Mariusz Banach, @mariuszbit | | 5 | callobf | open-source | PE EXE/DLL Protector | PE | PE | Mustafa Mahmoud, @d35ha | | 6 | confuserex | open-source | .NET Obfuscator | .NET | .NET | mkaring | | 7 | donut-packer | open-source | Shellcode Converter | PE, .NET, VBScript, JScript | Shellcode | TheWover | | 8 | enigma | commercial | PE EXE/DLL Protector | PE | PE | The Enigma Protector Developers Team | | 9 | freeze | open-source | Shellcode Loader | Shellcode | PE | Matt Eidelberg (@Tyl0us) | | 10 | hyperion | open-source | PE EXE/DLL Protector | PE | PE | nullsecurity team | | 11 | intellilock | commercial | .NET Obfuscator | PE | PE | Eziriz | | 12 | invobf | open-source | Powershell Obfuscator | Powershell | Powershell | Daniel Bohannon | | 13 | logicnet | open-source | .NET Obfuscator | .NET | .NET | AnErrupTion, klezVirus | | 14 | mangle | open-source | Executable Signing | PE | PE | Matt Eidelberg (@Tyl0us) | | 15 | mpress | freeware | PE EXE/DLL Compressor | PE | PE | Vitaly Evseenko | | 16 | netreactor | commercial | .NET Obfuscator | .NET | .NET | Eziriz | | 17 | netshrink | open-source | .NET Obfuscator | .NET | .NET | Bartosz Wjcik | | 18 | nimcrypt2 | open-source | Shellcode Loader | PE, .NET, Shellcode | PE | @icyguider | | 19 | nimpackt | open-source | Shellcode Loader | .NET, Shellcode | PE | Cas van Cooten (@chvancooten) | | 20 | nimsyscall | sponsorware | Shellcode Loader | PE, .NET, Shellcode | PE | @S3cur3Th1sSh1t | | 21 | packer*** | open-source | PE EXE/DLL Compressor | PE | PE | ... ...
近期下载者
相关文件
收藏者

© 联合开发网 from 2004 | 联系站长 | 湘ICP备2023001425号 | 网安备43010502000604 |