Awesome

所有收集类项目

Anti-AV

• 跟杀软和免杀有关的资料，当前包括200+工具和1300+文章，根据功能进行了粗糙的分类
• 相关内容，在有关Payload、Shellcode、混淆、PowerShell、隐写、注入、远控收集里
• English Version

目录

• veil -> (5)工具 (41)文章
• ASWCrypter -> (1)工具
• AVIator -> (1)工具 (1)文章
• Avet -> (2)工具 (14)文章
• Avoidz -> (1)工具
• BDF -> (2)工具 (13)文章
• CACTUSTORCH -> (3)工具 (6)文章
• DKMC -> (1)工具 (3)文章
• GreatSCT -> (1)工具 (2)文章
• Green-Hat-Suite -> (1)工具
• HERCULES -> (1)工具 (8)文章
• Python-Rootkit -> (1)工具
• SharpShooter -> (1)工具 (18)文章
• SpookFlare -> (1)工具 (2)文章
• TheFatRat -> (2)工具 (8)文章
• Venom -> (6)工具 (8)文章
• Winpayloads -> (1)工具 (4)文章
• nps_payload -> (2)工具 (3)文章
• zirikatu -> (1)工具 (1)文章
• unicorn -> (1)工具
• Shellter -> (17)文章
• dr0p1t -> (1)工具 (3)文章
• phantom -> (1)工具 (1)文章
• morphaes -> (1)工具 (1)文章
• unibyav -> (1)工具
• armor -> (1)工具
• foolav -> (2)工具 (2)文章
• Inception -> (1)工具
• CarbonCopy -> (1)工具
• metasploitavevasion -> (1)工具
• SideStep -> (1)工具 (1)文章
• nativepayload_dns -> (1)工具
• HackTheWorld -> (1)工具
• Salsa-tools -> (1)工具
• mcreator -> (1)工具
• 杀毒软件
  • ClamAV -> (18)工具 (45)文章
  • phpmussel -> (1)工具
  • AntiSpy -> (1)工具 (2)文章
  • TinyAntivirus -> (1)工具
  • yourav -> (1)工具
  • Armadito -> (3)工具
  • kicomav -> (1)工具
  • (7) 工具
• 白利用
  • (11) 文章-白利用
  • (3) 文章-白加黑
  • (40) 文章-LOLBins
• SysWhispers -> (1)文章
• 工具
  • (2) 资源收集
  • (120) 新添加
• 文章
  • (291) 新添加
  • Msfvenom
    • (10) Msfvenom
    • (7) Youtube
    • (7) hackingarticles
  • (346) AntiVirus
  • (360) 杀软/杀毒/杀
  • (7) 远控免杀从入门到实践
  • (18) 恶意代码
  • (10) webshell

<a id="13fd86f84443937a29340957140ce48a"></a>veil

<a id="3a2c068e615306b2557444d3ff0fd8d4"></a>工具

• [1900星][4m] [Py] veil-framework/veil 生成免杀的Metasploit Payload
• [1515星][11d] [Py] veil-framework/veil-evasion 一种用于生成metasploit有效负载的工具，它绕过了常用的反病毒解决方案
• [75星][5y] [PS] cheetz/powertools Veil's PowerTools are a collection of PowerShell projects with a focus on offensive operations.
• [73星][8m] [Py] veil-framework/veil-catapult Veil Catapult is no longer supported
• [63星][5y] [Py] veil-framework/veil-ordnance Veil-Ordnance is a tool designed to quickly generate MSF stager shellcode

<a id="fb91f19c332b7713b5961026e7f8d9f0"></a>文章

• 2019.10 [Cooper] Piercing The Veil: Server Side Request Forgery Attacks On Internal Networks - Alyssa Herrera
• 2019.01 [freebuf] Kali Linux中的VEIL Framework绕过防病毒软件实验
• 2019.01 [sans] The State of the Veil Framework
• 2018.09 [microsoft] Office VBA + AMSI: Parting the veil on malicious macros
• 2018.09 [microsoft] Office VBA + AMSI: Parting the veil on malicious macros
• 2018.06 [NetworkHeros] Ethical Hacking (CEH v10) : Undetectable payload with veil | Hack any Windows 10
• 2018.05 [cyberarms] Anti-Virus Bypass with Veil on Kali Linux
• 2018.05 [HackerSploit] Veil-Evasion - How To Generate Undetectable Payloads | Antivirus Bypass
• 2018.04 [freebuf] Veil-Evasion+PyJoiner捆绑两个EXE免杀思路分享
• 2018.04 [alyssa] Piercing the Veil: Server Side Request Forgery to NIPRNet access
• 2018.03 [NDSSSymposium] NDSS2018 Veil: Private Browsing Semantics Without Browser-side Assistance
• 2017.06 [UltraHacks] Veil Evasion successful Installation on Kali Linux 3.0
• 2017.03 [n0where] Antivirus Evasion Framework: Veil Framework
• 2017.03 [fireeye] AntiVirus Evasion Reconstructed – Veil 3.0
• 2016.09 [polaris] 使用 Veil-Evasion+Metasploit 打造免杀 Payload
• 2016.07 [JackkTutorials] How to Bypass antiviruses with Veil Evasion
• 2016.05 [JackkTutorials] How to install Veil Framework on Kali Linux 2016.1
• 2016.05 [tevora] Dissecting Veil-Evasion Powershell Payloads and Converting to a Bind Shell
• 2016.04 [cylance] Veil-Evasion Vulnerability Discovered by Cylance
• 2016.04 [hack] Veil Evasion: Payloads Made Easy
• 2016.02 [kalitutorials] Antivirus Evasion : Bypassing AV with Veil
• 2015.12 [freebuf] Kali 2.0教程：如何安装Veil-Evasion
• 2015.10 [secist] 手工测试Veil-Evasion过360和Dirty COW(内附视频)
• 2015.10 [secist] 免杀后门(二)之MSF&Veil-Catapult的完美结合
• 2015.10 [secist] 免杀后门之MSF&Veil-Evasion的完美结合
• 2015.10 [christophertruncer] Veil-Framework and ChristopherTruncer Website Brute Force and Just-Metadata
• 2015.03 [harmj0y] Drilling deeper with Veil's PowerTools
• 2014.12 [cyberarms] Installing Veil Framework on Kali Linux
• 2014.08 [harmj0y] Finding Local Admin with the Veil-Framework
• 2014.07 [netspi] Bypassing AV with Veil-Evasion
• 2014.06 [harmj0y] Veil-PowerView: A Usage Guide
• 2014.04 [bluescreenofjeff] Fresh Veil
• 2014.01 [christophertruncer] Developing a Self-Brute Forcing Payload for Veil
• 2013.11 [freebuf] 免杀Payload生成工具Veil使用视频演示（视频）
• 2013.10 [cyberarms] Veil AV Bypass on Kali
• 2013.06 [] Veil—绕过杀毒软件的payload生成器
• 2013.06 [hackingarticles] Veil – A Metasploit Payload Generator to Bypass Antivirus
• 2013.06 [cyberarms] Creating Remote Shells that Bypass Anti-Virus with “Veil”
• 2013.06 [freebuf] Veil – 免杀payload生成工具
• 2013.05 [christophertruncer] Veil – A Payload Generator to Bypass Antivirus
• 2010.05 [netspi] Echo Mirage: Piercing the Veil of Thick Application Security

<a id="2b42bd6443319711cc12f2f6e50ddbfe"></a>ASWCrypter

<a id="8f0b8198835e2c90692ec1376e30a689"></a>工具

• [273星][2y] [Shell] abedalqaderswedan1/aswcrypter An Bash&Python Script For Generating Payloads that Bypasses All Antivirus so far [FUD]

<a id="4a1d607241b8f21b06664347f39a339c"></a>AVIator

<a id="10901ea9fcdafae3e4c34da73b435cee"></a>工具

• [329星][6m] [C#] ch0pin/aviator Antivirus evasion project

<a id="49b348e0e13fd9ebff7dcdaafe2c2b9b"></a>文章

• 2014.04 [holisticinfosec] Browse this: & Oryon C Portable & WhiteHat Aviator

<a id="a0849be5404b3ed7c789e979cc3b1382"></a>Avet

<a id="27953172d38e0d8a401b0e614b9287ec"></a>工具

• [1095星][11d] [C] govolution/avet 免杀工具
• [3星][1y] [C] govolution/avetosx AntiVirus Evasion Tool

<a id="90c144f7f5eed8792ccab8c9e602a403"></a>文章

• 2019.07 [govolution] Slides – Introduction to AVET
• 2018.09 [govolution] Avet setup.sh script
• 2018.08 [3gstudent] AntiVirus Evasion Tool(avet)测试分析
• 2018.08 [3gstudent] AntiVirus Evasion Tool(avet)测试分析
• 2018.08 [govolution] Paper AVET BLACKHAT USA ARSENAL 2018
• 2018.08 [govolution] Paper AVET BLACKHAT USA ARSENAL 2018
• 2018.03 [rapid7] Cavete Symantec Testimonium Exspirare Martiis (Beware the Symantec Certificates Expiring in March)
• 2017.11 [cybersecurityinterviews] 043 – David Navetta: The Year Of the Phishing Attack
• 2017.08 [360] avet：杀软绕过工具使用教程
• 2017.07 [govolution] Paper AVET Blackhat USA 2017
• 2017.06 [govolution] AVET video
• 2017.05 [govolution] AVET and unstaged payloads
• 2017.04 [govolution] Slides Owasp Meeting Cologne AVET
• 2017.03 [n0where] AntiVirus Evasion Tool: AVET

<a id="0ce51643a8accfa61b1920747b92347b"></a>Avoidz

<a id="dd3084ae08dd36d458ad17df487c2976"></a>工具

• [119星][12d] [Ruby] m4sc3r4n0/avoidz Avoidz tool to bypass most A.V softwares

<a id="0f9a694410214f0e09caaa0132968656"></a>BDF

<a id="2b8c4e72ae18bc130b5cc45b22882d85"></a>工具

• [2475星][14d] [Py] secretsquirrel/the-backdoor-factory 为PE, ELF, Mach-O二进制文件添加Shellcode后门
• [788星][3y] [Py] secretsquirrel/bdfproxy Patch Binaries via MITM: BackdoorFactory + mitmProxy. (NOT SUPPORTED)

<a id="9dbfd4fdbf6435ac9913a1d83c5c3c7c"></a>文章

• 2017.11 [aliyun] 基于BDF的免杀
• 2017.11 [aliyun] 利用BDF向DLL文件植入后门
• 2017.10 [4hou] 利用BDF向DLL文件植入后门
• 2017.10 [4hou] 利用BDF向EXE文件植入后门
• 2017.10 [3gstudent] 利用BDF向DLL文件植入后门
• 2017.10 [3gstudent] 利用BDF向DLL文件植入后门
• 2017.10 [3gstudent] 利用BDF向EXE文件植入后门
• 2017.10 [3gstudent] 利用BDF向EXE文件植入后门
• 2016.06 [secureallthethings] BDF Preprocessor and Going Forward
• 2015.12 [secureallthethings] Add PE Code Signing to Backdoor Factory (BDF)
• 2015.10 [secist] 免杀后门(三)之backdoor-factory patch注入绕过
• 2015.02 [secureallthethings] New BDF Feature: Import Table 'Patching'
• 2014.08 [toolswatch] Backdoor Factory Proxy (BDFProxy) v0.1 Released

<a id="b3a06244641c573c12d076de5cedb37a"></a>CACTUSTORCH

<a id="e0cb098391fd9ed90121e2916b9d6e1f"></a>工具

• [598星][3y] [Visual Basic .NET] mdsecactivebreach/cactustorch Payload Generation for Adversary Simulations
• [108星][3y] [Shell] xillwillx/cactustorch_ddeauto OFFICE DDEAUTO Payload Generation script
• [51星][12d] [Visual Basic] vysecurity/cactustorch Payload Generation for Adversary Simulations

<a id="1a5f76b8dc23b9db07ada5e84395e918"></a>文章

• 2018.07 [4hou] CactusTorch通过.net无文件感染受害者
• 2018.07 [mcafee] CactusTorch Fileless Threat Abuses .NET to Infect Victims
• 2018.07 [mcafee] CactusTorch Fileless Threat Abuses .NET to Infect Victims
• 2018.07 [mcafee] CactusTorch Fileless Threat Abuses .NET to Infect Victims
• 2018.06 [vysec] Payload Generation with CACTUSTORCH
• 2017.07 [mdsec] CACTUSTORCH 实战

<a id="cef3b934de15377654f46f1e1ac60b34"></a>DKMC

<a id="46b192d2a3ba0747e84e2aaef1b0dd9e"></a>工具

• [761星][1y] [Py] mr-un1k0d3r/dkmc DKMC - Dont kill my cat - Malicious payload evasion tool

<a id="1125d9d5b37b5a78bd067fbe3ffbc595"></a>文章

• 2018.03 [govolution] Download & Exec PoC and DKMC
• 2018.03 [govolution] Download & Exec PoC and DKMC
• 2017.09 [secist] DKMC | bmp | Msf | kali linux 2017

<a id="61bd903441458d02b5f29e0c7c88772c"></a>GreatSCT

<a id="8db87bb7235bd7bbd5c172d162d76f9a"></a>工具

• [778星][2y] [Py] greatsct/greatsct 生成绕过常见防病毒解决方案和应用程序白名单解决方案的metasploit payload

<a id="af1bbce8299e80c5d895279059d5f2e8"></a>文章

• 2019.01 [hackingarticles] GreatSct – An Application Whitelist Bypass Tool
• 2018.01 [secist] GreatSCT | MSF | 白名单

<a id="3c299dae55724965657ddae00d58f445"></a>Green-Hat-Suite

<a id="fedf1b28a3eaafa5e1c7195622961dac"></a>工具

• [107星][12d] [Ruby] green-m/green-hat-suite Green-hat-suite is a tool to generate meterpreter/shell which could evade antivirus.

<a id="374c9d9255645a308f45c5861c90982b"></a>HERCULES

<a id="bbaceff782da895cb6436580b9faf348"></a>工具

• [471星][3y] [Go] egebalci/hercules HERCULES is a special payload generator that can bypass antivirus softwares.

<a id="ac892582920f6b3faa83996fe7d32f7c"></a>文章

• 2018.11 [astr0baby] Running MVS 3.8 on Hercules NetBSD arm64 Pinebook
• 2018.07 [SSTecTutorials] Hercules - Automated Free VPN Connection on Kali Linux 2018.2
• 2018.06 [DoktorCranium] Running Ubuntu 18.04 Server s390x in Hercules Mainframe simulator
• 2018.06 [astr0baby] Installing Ubuntu 18.04 Server s390x in Hercules Mainframe simulator
• 2018.06 [DoktorCranium] Mainframe Z/OS 1.10 Hercules on Linux
• 2017.06 [freebuf] 如何用HERCULES绕过杀软
• 2016.09 [n0where] Special Customizable Payload Generator: Hercules
• 2016.06 [hackingarticles] Bypass All Antivirus and Hack Remote Windows 10 PC using Hercules

<a id="c88f6e7d1b8e5fbdc160f547436a1765"></a>Python-Rootkit

<a id="53f087810d39f686bc430fc16b4b57cf"></a>工具

• [310星][13d] [Py] 0xislamtaha/python-rootkit Python远控，用于获取Meterpreter会话

<a id="dc799b61ee105a1d1821f79483e19ae6"></a>SharpShooter

<a id="0af225b9b7d5680725f82edddbfde244"></a>工具

• [898星][1y] [Visual Basic .NET] mdsecactivebreach/sharpshooter Payload Generation Framework

<a id="2990cb241fd645b9d3fca7617004e98d"></a>文章

• 2019.03 [carbonblack] TAU Threat Intelligence Notification: Operation SharpShooter
• 2019.02 [mdsec] Macros and More with SharpShooter v2.0
• 2018.12 [4hou] 以全球关键基础设施为目标的新攻击活动——Operation Sharpshooter
• 2018.12 [mcafee] ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
• 2018.12 [mcafee] ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
• 2018.10 [pediy] [翻译]使用 Sharpshooter + SquibblyTwo 绕过 AMSI 防御的技巧
• 2018.09 [countercept] Analyzing Sharpshooter – Part 2
• 2018.09 [4hou] 渗透测试技巧：如何使用Sharpshooter+SquibblyTwo绕过AMSI防御
• 2018.08 [countercept] Analyzing Sharpshooter - Part 2
• 2018.08 [0x00sec] Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo
• 2018.08 [countercept] Analyzing Sharpshooter – Part 1
• 2018.08 [countercept] Analyzing Sharpshooter - Part 1
• 2018.08 [morphisec] SharpShooter Pen Testing Framework Used by Attackers
• 2018.07 [n0where] Payload Generation Framework: SharpShooter
• 2018.06 [mdsec] FreeStyling with SharpShooter v1.0
• 2018.03 [360] 如何使用SharpShooter生成Payload
• 2018.03 [mdsec] SharpShooter介绍
• 2015.06 [trendmicro] Cybercriminal Sharpshooters: Nigerian Scammers Use HawkEye to Attack Small Businesses

<a id="0ea62b3f2d6a28ea5fca3b040430dbc9"></a>SpookFlare

<a id="910a7d5c31f4d0ecf0bf54c6e2420c56"></a>工具

• [780星][1y] [Py] hlldz/spookflare Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

<a id="411fee0ed40668884479e464bf994ba4"></a>文章

• 2018.05 [n0where] Meterpreter Loader Generator: SpookFlare
• 2017.11 [360] SpookFlare: 黑暗中前行

<a id="2844bde3d954b4af180d188082fea3ec"></a>TheFatRat

<a id="9a8cd34cea64c0825e53fcdda0c122e4"></a>工具

• [3659星][3m] [C] screetsec/thefatrat 大规模漏洞利用工具
• [20星][4y] [C] exploit-install/thefatrat An easy tool to generate backdoor with msfvenom (a part from metasploit framework). This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection

<a id="dd5dea07a5d0415b767d925d04e99e0f"></a>文章

• 2020.03 [hakin9] TheFatRat - A Massive Exploiting Tool
• 2019.03 [HackerSploit] How To Automatically Embed Payloads In APK's - Evil-Droid, Thefatrat & Apkinjector
• 2018.11 [freebuf] 技术分享 | 看我如何使用TheFatRat黑掉你的Android手机
• 2017.11 [TheHackerStuff] TheFatRat - Hacking Over WAN - Embedding Payload in Original Android APK - Without Port Forwarding
• 2017.02 [n0where] Generate Backdoor With msfvenom: TheFatRat
• 2016.12 [TheHackerStuff] Kali Linux - TheFatRat - Creating an Undetectable Backdoor - Bypass all AntiVirus
• 2016.09 [freebuf] TheFatRat：Msfvenom傻瓜化后门生成工具
• 2016.07 [hackingarticles] Hack Remote Windows 10 PC using TheFatRat

<a id="2f025b72723b0bad9b30bb79ed3f47ae"></a>Venom

<a id="52dcc58dcf9e0e09c5f9d2fc3cc64f72"></a>工具

• [1192星][9d] yzddmr6/webshell-venom 免杀webshell无限生成工具(利用随机异或无限免杀D盾)
• [637星][7d] [Shell] r00t-3xp10it/venom shellcode 生成器、编译器、处理器(metasploit)
• [273星][11d] [JS] yzddmr6/as_webshell_venom 免杀webshell无限生成工具蚁剑版
• [122星][14d] [Py] wetw0rk/malicious-wordpress-plugin 生成带反向 Shell 的 wordpress 插件
• [100星][26d] [Py] lockedbyte/cryptovenom Cryptovenom: The Cryptography Swiss Army Knife
• [8星][28d] [Shell] manofftoday/venomdroid3 Script that easily creates, signs and AV bypass .apk metasploit reverse_tcp payload.

<a id="1131eb654d689690d462d86a3ffb2f1a"></a>文章

• 2019.11 [aliyun] venom的powershell免杀技术分析
• 2019.06 [JosephDelgadillo] Learn System Hacking E20: Exploiting Android and iOS Devices with Venom
• 2018.11 [freebuf] 如果有人使用VENOM工具绕过反病毒检测，该如何防护？
• 2018.02 [pentesttoolz] VENOM 1.0.15 – Metasploit Shellcode Generator/Compiler/Listener
• 2017.02 [secist] 免杀后门(五)：Venom结合Metasploit绕过360(内附视频)
• 2017.02 [UltraHacks] VenomLogger - Keylogger || PROMOTION ||
• 2016.02 [hackingarticles] Exploitation of Windows PC using Venom: Shellcode Generator
• 2016.01 [n0where] Shellcode Generator: Venom

<a id="c1d31bd6ecf78f7a3fc7fc52ac202d95"></a>Winpayloads

<a id="453757cab7a1b573f10f088f8ccbed81"></a>工具

• [1093星][11m] [Py] nccgroup/winpayloads Undetectable Windows Payload Generation

<a id="665371c5a04efeeb3540ec331d75b198"></a>文章

• 2018.03 [freebuf] Winpayloads：不可检测的Windows Payload生成工具
• 2017.07 [freebuf] WinPayloads：一个可以绕过安全检查的Windowspayload生成器
• 2016.02 [charliedean] WinPayloads - Undetectable Windows Payload Generation
• 2016.01 [hackingarticles] Winpayloads: Undetectable Windows Payload Generation

<a id="78d4960c1617befde6be1c374e5e224e"></a>nps_payload

<a id="bd2624d62630d556efa8f431429f3a28"></a>工具

• [331星][12d] [Py] trustedsec/nps_payload Python 脚本，生成能够绕过基础入侵检测的 payload
• [32星][2m] [Py] fsacer/nps_payload This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. Written by Larry Spohn (

<a id="1c6d137ac85ae2d158e343ba1327ffde"></a>文章

• 2019.03 [hackingarticles] nps_payload: An Application Whitelisting Bypass Tool
• 2017.08 [n0where] Intrusion Detection Avoidance Payload Generator: NPS_Payload
• 2017.07 [trustedsec] New Tool Release: NPS_Payload

<a id="fedbeafa34f02f951f0792a799d4073d"></a>zirikatu

<a id="f3fb6776c2d0d008630311e19e9ba7c1"></a>工具

• [136星][3y] [Shell] pasahitz/zirikatu Fud Payload generator script

<a id="733a0143baef08c6229e70dda5b4fa65"></a>文章

• 2017.04 [secist] Metasploit系列课程第三课：Msf&zirikatu免杀结合利用（附PPT）

<a id="3d7c6c6fc7f0bd776051bee516d94d0f"></a>unicorn

<a id="bc86fda39a6ec0976b23b66f79308389"></a>工具

• [2209星][4m] [Py] trustedsec/unicorn 通过PowerShell降级攻击, 直接将Shellcode注入到内存

<a id="619a40fa2c43bfd68c1449c7481c42db"></a>Shellter

<a id="b0c0f53e7fa8ab994270778efe65f413"></a>文章

• 2020.02 [crowdstrike] Gimme Shellter
• 2018.11 [securityartwork] Evading AV with Shellter. I also have Sysmon & Wazuh III. GAME OVER
• 2018.11 [securityartwork] Evading AV with Shellter. I also have Sysmon and Wazuh II
• 2018.11 [securityartwork] Evading AV with Shellter. I also have Sysmon and Wazuh I
• 2017.01 [DemmSec] HOW TO MAKE MALWARE UNDETECTABLE! (SHELLTER)
• 2016.08 [evi1cg] Shellter Custom payload
• 2015.12 [n0where] Dynamic Shellcode Injection: Shellter
• 2015.10 [freebuf] Kali Shellter 5.1：动态ShellCode注入工具 绕过安全软件
• 2015.10 [secist] 免杀后门(四)之shellter注入绕过
• 2015.10 [cyberarms] Anti-Virus Bypass with Shellter 5.1 on Kali Linux
• 2015.08 [anti] Shellter V & Kali 2.0
• 2015.07 [cyberarms] Anti-Virus Bypass with Shellter 4.0 on Kali Linux
• 2015.07 [BsidesLisbon] BSidesLisbon2015 - Shellter - A dynamic shellcode injector - Kyriakos Economou
• 2015.06 [freebuf] 动态Shellcode注入工具 – Shellter
• 2014.08 [toolswatch] Shellter v1.7 A Dynamic ShellCode Injector – Released
• 2014.06 [toolswatch] [New Tool] Shellter v1.0 A Dynamic ShellCode Injector – Released
• 2013.12 [anti] A Shellter for your shellcode…

<a id="68856cb6cd8a71236b7ab0dd8ae6e4f3"></a>dr0p1t

<a id="a338777a3909deef427bc71b1e2c31aa"></a>工具

• [1034星][2y] [Py] d4vinci/dr0p1t-framework 创建免杀的Dropper

<a id="05cbac684baf2b4169f77fe3b3001ce6"></a>文章

• 2017.07 [secist] Dr0p1t-Framework：一个可以绕过多数杀软的木马生成框架
• 2017.07 [freebuf] Dr0p1t-Framework：一个可以绕过多数杀软的木马生成框架
• 2017.07 [n0where] Advanced Stealthy Dropper: Dr0p1t Framework

<a id="03faa45aa2511d31e470556f664c3dbb"></a>phantom

<a id="f6fa26843c6cc22c7277b9f609bb5067"></a>工具

• [778星][4m] [Py] oddcod3/phantom-evasion 一个用python编写的防病毒规避工具(与python和python3兼容)，能够生成(几乎)完全不可检测的可执行文件，即使是使用最常见的x86 msfvenom负载。

<a id="eaaefa10905a4a70b7638dc0a3888576"></a>文章

• 2018.05 [pentesttoolz] Phantom Evasion – Python AV Evasion Tool – Generate (Almost) FUD Payload – Kali Linux 2018.2

<a id="1e6a9c93f0c18239195ee1550e8c8286"></a>morphaes

<a id="b2c88539436be2829d0a004f959c88ca"></a>工具

• [262星][2y] [Py] cryptolok/morphaes 多态shellcode引擎，具有变态特性并能够绕过沙箱，绕过IDPS检测

<a id="b0f82b4b4cfbc920f9696fba1b2ef219"></a>文章

• 2016.07 [n0where] IDPS SandBox AntiVirus Stealth Killer: MorphAES

<a id="7eb9d59bc55e5f016a3cebb83d1a1b92"></a>unibyav

<a id="989d2090c76a62641b74bc2b1b8d0ae7"></a>工具

• [195星][2y] [Py] mr-un1k0d3r/unibyav a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly.

<a id="8bc66a23c82b90dacd110a357b88ea61"></a>armor

<a id="3ada1997ce6a96c892f7ab3fa8dad2ec"></a>工具

• [186星][2y] [Shell] tokyoneon/armor Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

<a id="517b0aeab5f2cd945f94f91e8974cf5a"></a>foolav

<a id="e5b6342fb680c4bd510d354bf7980dca"></a>工具

• [177星][1m] [C] hvqzao/foolav Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host
• [87星][2m] [C] hvqzao/foolavc foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV

<a id="7d46cbb4cb861c45336127542614b679"></a>文章

• 2016.05 [safebuff] Bypass Antivirus via foolav
• 2016.02 [freebuf] Foolav：免杀小工具+win主机运行任意payload

<a id="5d6c4ac2fad929e20c0078b587498fe3"></a>Inception

<a id="ffc28f955ef67e69a7302028e7fe5c7e"></a>工具

• [307星][2y] [Py] two06/inception Provides In-memory compilation and reflective loading of C# apps for AV evasion.

<a id="376fa2db1df60456ca1de20b473dda6f"></a>CarbonCopy

<a id="c4b468e647a6c596f085d35be9c954cf"></a>工具

• [708星][12m] [Py] paranoidninja/carboncopy A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux

<a id="8545aec3222685f7ade02e2b46d08b9c"></a>metasploitavevasion

<a id="56cc20e65680f66c92c00965803e9c37"></a>工具

• [239星][12d] [Shell] nccgroup/metasploitavevasion Metasploit AV Evasion Tool

<a id="4bd9e808211303a5ba0ae1ad0dd9479e"></a>SideStep

<a id="8813c1723abf0617203a5194679eac5a"></a>工具

• [112星][3y] [C++] codewatchorg/sidestep Yet another AV evasion tool

<a id="013f4c8152b842e7b69245a620ca70e4"></a>文章

• 2014.12 [securityledger] Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

<a id="888ee9daabdbd703448f8910aa9704e2"></a>nativepayload_dns

<a id="f5adbcc74fc6e3a0b6b8075e08029d53"></a>工具

• [207星][2y] [C#] damonmohammadbagher/nativepayload_dns 使用DNS流量传输Payload，绕过杀软。C#编写

<a id="b78301af3e251368517e446160caa268"></a>HackTheWorld

<a id="e32647912325352a4af7f8e0b7079218"></a>工具

• [328星][2y] [Py] stormshadow07/hacktheworld An Python Script For Generating Payloads that Bypasses All Antivirus so far .

<a id="f3473296bad376d23c4c7ee3e4aef378"></a>Salsa-tools

<a id="8cf63337df4bb46d78ecef66db7f32ba"></a>工具

• [322星][3m] [C#] hackplayers/salsa-tools ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched

<a id="c2951eccbf61918b64cfe866f631482c"></a>mcreator

<a id="60b14a1abbbd681bd496f0ba28115f1b"></a>工具

• [139星][12d] [Py] blacknbunny/mcreator 反向Shell生成器, 自带AV绕过技术

<a id="6d54eff12d6ae09b0713e047857c3a4d"></a>杀毒软件

<a id="0f79ac3b032081b26dbcb3144c795c1d"></a>ClamAV

<a id="00cbab201c6762bbcae7c84b7d0899c1"></a>工具

• [1064星][10d] [C++] cisco-talos/clamav-devel 开源AV引擎ClamAV
• [409星][11d] cisco-talos/clamav-faq ClamAV FAQ
• [354星][15d] [Shell] extremeshok/clamav-unofficial-sigs ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com
• [266星][17d] [Shell] essandess/macos-fortress Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)
• [86星][11d] [Dockerfile] mko-x/docker-clamav Dockerized open source antivirus for use with file sharing containers, REST API or TCP.
• [81星][17d] [Py] momika233/clamav_0day_exploit ClamAV_0Day_exploit
• [60星][12d] [Ruby] kobaltz/clamby ClamAV interface to your Ruby on Rails project.
• [43星][7y] [Py] sketchymoose/totalrecall Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.
• [38星][2m] [C++] cisco-talos/clamav-bytecode-compiler ClamAV ByteCode Compiler
• [35星][2y] [Py] cisco-talos/casc 在IDA的反汇编和字符串窗口中, 辅助创建ClamAV NDB 和 LDB签名
• [33星][4m] [Perl] tripflex/cpsetup Intuitive bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with ConfigServer Firewall, MailManage, MailQueue, Malware Detect, ClamAV, mod_cloudflare, CloudFlare RailGun, and many more applications and security tweaks
• [28星][6m] brandonprry/clamav-fuzz A fuzz job for ClamAV
• [23星][24d] geerlingguy/ansible-role-clamav Ansible Role - ClamAV.
• [11星][1y] [C#] rmuch/clamav.managed ClamAV bindings for the .NET Framework, Mono and PowerShell. ClamAV.Managed is a library written in C# for the .NET Framework and Mono, providing managed bindings for the libclamav interface. It includes ClamAV.Managed.PowerShell, a set of PowerShell cmdlets for ClamAV scanning. It comes with sample code for building a GUI virus scanner applicat…
• [10星][3m] [Py] abhinavbom/clara Serverless, real-time, ClamAV+Yara scanning for your S3 Buckets
• [9星][1y] [Go] monostream/muescheli A simple AntiVirus-as-a-Service implementation using ClamAV
• [4星][1y] [Py] hestat/clamav-cortexanalyzer Analyzer for TheHive Cortex Soc platform. Allows you to run observables against default and custom ClamAV rules.
• [2星][1m] [Ruby] simp/pupmod-simp-clamav The SIMP clamav Puppet Module

<a id="50a64cc4d87a6d9a7a42502573dd36bb"></a>文章

• 2019.12 [talosintelligence] ClamAV team shows off new Mussels dependency build automation tool
• 2019.08 [4hou] ClamAV+Falco，助你高效检测挖矿Docker
• 2018.09 [infosecinstitute] Gentoo Hardening: Part 4: PaX, RBAC and ClamAV [Updated 2018]
• 2017.02 [nviso] Hunting with YARA rules and ClamAV
• 2016.10 [hackers] Evading AV: Anatomy of ClamAV
• 2016.06 [calderonpale] Erm… ClamAV daemon can be shutdown with a simple SHUTDOWN command
• 2016.06 [calderonpale] Erm… ClamAV daemon can be shutdown with a simple SHUTDOWN command
• 2016.06 [foxglovesecurity] Finding pearls; fuzzing ClamAV
• 2015.09 [n0where] Robust ClamAV-based Linux Malware Scanner: MalScan
• 2015.06 [linux] Installing ClamAV on CentOS 7 and Using Freshclam
• 2015.02 [linux] Using ClamAV for Linux PCI DSS requirement 5: Malware
• 2013.12 [talosintelligence] A quick tutorial on ClamAV detection: Win.Adware.Bprotector
• 2012.11 [firebitsbr] Clamav – Fazendo scanning de arquivos suspeitos e movendo para uma pasta em específico
• 2012.09 [firebitsbr] Malware: Scanning com Adobe Malware Classifier/Clamav por possível Malwares em PDF
• 2012.08 [talosintelligence] ClamAV vs. Content IQ Test, part 4
• 2012.06 [hiddenillusion] XDP files and ClamAV
• 2012.05 [talosintelligence] ClamAV and Snort coverage for Flashback and Sabpub
• 2012.04 [talosintelligence] ClamAV vs. Content IQ Test, part 3
• 2012.03 [talosintelligence] ClamAV vs. Content IQ Test, part 2
• 2012.02 [talosintelligence] ClamAV vs. Content IQ Test, part 1
• 2011.04 [toolswatch] Malware Analysis: Classifying with ClamAV and YARA
• 2011.02 [talosintelligence] Blacklist.rules, ClamAV, and Data Mining
• 2011.02 [sans] Snort 2.9.0.4 is coming out Thursday, ClamAV 0.97 update released
• 2010.12 [talosintelligence] ClamAV 3.0 for Windows Open Beta
• 2010.11 [pediy] [原创]ClamAV v0.93分析及引擎总结
• 2010.09 [talosintelligence] Introduction to ClamAV's Low Level Virtual Machine (LLVM)
• 2010.08 [talosintelligence] ClamAV Release Announcements
• 2010.06 [talosintelligence] ClamAV for Windows
• 2010.04 [sans] ClamAV 0.94 EOL Reminder
• 2009.06 [talosintelligence] ClamAV DoJoSec Talk Addendum
• 2009.05 [jsunpack] Using ClamAV on the command line as an automatic unpacker
• 2009.01 [addxorrol] ClamAV and unpackers
• 2008.10 [talosintelligence] Update on Snort and ClamAV for ms08-067
• 2008.09 [talosintelligence] Logical signatures in ClamAV 0.94
• 2008.02 [virusbulletin] Trend vs. ClamAV patent row hots up
• 2007.12 [sans] New Vulnerabilities in ClamAV
• 2007.08 [sans] Principle of Most Privilege and the Snort/ClamAV Purchase
• 2007.04 [sans] New ClamAV version fixes buffer overflow vulnerability
• 2007.02 [sans] Clamav security vulnerabilities
• 2006.10 [sans] ClamAV fixes multiple vulnerabilities
• 2006.08 [sans] ClamAV versions up to 0.88.3 DoS
• 2005.11 [sans] ClamAV 0.87.1 released, fixes multiple security vulnerabilities
• 2005.07 [sans] ClamAV vulnerability; Con-fu
• 2005.05 [sans] GAO Report on DHS; ezSTUB; Worm.Gibe.F; BlueTooth Security? ClamAv MACosX
• 2005.05 [sans] Google Web Accelerator; Snort with ClamAV; RSA SecurID WebAgent Overflow

<a id="23f0535e20d7568cb2148058d4d0eec7"></a>phpmussel

<a id="df50a8b098bb9d9705d23a1c5aee1b9d"></a>工具

• [312星][13d] [PHP] phpmussel/phpmussel PHP-based anti-virus anti-trojan anti-malware solution.

<a id="d2b49dd7f9e44ce9bebaa9a2d10fb418"></a>AntiSpy

<a id="5b8aed4a3f150a46044fcbb9303bbe07"></a>工具

• [717星][15d] [C] mohuihui/antispy AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.

<a id="0dac6b8f6f53c74872ba8abc870c5786"></a>文章

• 2019.12 [freebuf] AntiSpy：一款功能强大的反病毒&反Rootkit免费工具套件
• 2019.11 [hakin9] Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit

<a id="266b4e495fed809aebd810e9179943bc"></a>TinyAntivirus

<a id="b5fda8d31849edf53b8c3c683f30f990"></a>工具

• [296星][3y] [C++] develbranch/tinyantivirus TinyAntivirus is an open source antivirus engine designed for detecting polymorphic virus and disinfecting it.

<a id="e14845ece905066b4158a157822a5b46"></a>yourav

<a id="ee1cb60a806b81ce73708f6dbd2c5ab6"></a>工具

• [493星][3y] [C#] tlaster/yourav 宇宙级最轻量杀毒软件

<a id="c0262ea14af5f0a32ea77c42f74d9083"></a>Armadito

<a id="412655e126f176b7d826ae47f4d709bd"></a>工具

• [166星][30d] [C] armadito/armadito-av Armadito antivirus main repository
• [10星][1y] [PHP] armadito/armadito-glpi Plugin Armadito for GLPI
• [5星][1y] [JS] armadito/deprecated-web-ui Deprecated Armadito web user interface

<a id="f5ea509928f78d22baaf8b7d2d83b1c1"></a>kicomav

<a id="ae0cbebfda20355ed559439425b8bb53"></a>工具

• [197星][12d] [Py] hanul93/kicomav KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it.

<a id="5405d662fd54f801c7210a7bda946945"></a>工具

• [335星][14d] [Java] widdix/aws-s3-virusscan S3 Buckets反病毒
• [107星][2y] [C] formyown/alesense-antivirus 一款拥有完整交互界面与驱动级拦截能力的开源杀毒软件
• [33星][3y] [Py] jkkj93/mint-webshell-defender 薄荷WEBSHELL防御系统，是一款WEBSHELL查杀/防御软件，采用PYTHON编写
• [26星][4y] [Java] whyalwaysmea/mobilesafe 这是一个android版的手机卫士，包含一下功能：1.手机防盗 2. 黑名单设置 3.软件管理 4.进程管理 5.流量统计 6.缓存清理 7.手机杀毒 8.来电归属地显示 9.号码归属地查询 10.程序锁
• [12星][4y] [C++] majian55555/mjantivirusengine Anti-virus engine in Windows using VC++ 6.0 and MFC. We applied windows multithreading in virus scan method and user interface. Using MFC encapsulated threads library and Win32 APIs as well.
• [9星][5m] [VBScript] zelon88/hr-av A fully original Windows anti-virus client from HonestRepair using the same custom antivirus engine as our Cloud.
• [1星][2y] zhiyuanwang-chengdu-qihoo360/superantispyware_poc SUPERAntiSpyware CVE

<a id="1bfd82f11c1dfbbe3bc02196944ffac5"></a>白利用

<a id="7d2569935e9e48ed6bbe0caca9efc76e"></a>文章-白利用

• 2020.03 [freebuf] APT攻防之红队入侵：DLL劫持与白利用
• 2017.08 [freebuf] 远控木马上演白利用偷天神技：揭秘假破解工具背后的盗刷暗流
• 2017.08 [4hou] 远控木马上演白利用偷天神技：揭秘假破解工具背后的盗刷暗流
• 2017.06 [freebuf] 白利用的集大成者：新型远控木马上演移形换影大法
• 2017.06 [4hou] 白利用的集大成者：新型远控木马上演移形换影大法
• 2017.06 [360] 白利用的集大成者：新型远控木马上演移形换影大法
• 2015.05 [freebuf] 移花接木大法：新型“白利用”华晨远控木马分析
• 2015.05 [] 移花接木大法：新型“白利用”华晨远控木马分析
• 2015.05 [] 移花接木大法：新型“白利用”华晨远控木马分析
• 2015.01 [] 移花接木大法：新型“白利用”华晨远控木马分析
• 2014.09 [qq] 新型白利用（暴风）远控木马分析

<a id="f12f806947d9d9c0cc78e8d5af783bee"></a>文章-白加黑

• 2018.02 [360] 远控木马巧设“白加黑”陷阱：瞄准网店批发商牟取钱财
• 2014.12 [sinaapp] 深入探究Windows平台客户端安全问题-进程地址空间入侵及白加黑高阶利用
• 2014.09 [pediy] [原创]深入探究Windows平台客户端安全问题-进程地址空间入侵和白加黑高阶利用

<a id="3893c1696e85d78880d012ed01d85982"></a>文章-LOLBins

• 2020.02 [hexacorn] Stay positive Lolbins… not!
• 2020.02 [hexacorn] SettingSyncHost.exe as a LolBin
• 2020.01 [reegun] Curl.exe is the new rundll32.exe — LOLbin
• 2020.01 [reegun] LOLbin — ProtocolHandler.exe
• 2019.12 [4hou] GLUPTEBA使用LOLBINS和CRYPTOMINER扩展操作和工具包
• 2019.11 [talosintelligence] Hunting for LoLBins
• 2019.11 [hexacorn] Quo Vadis, Lolbin
• 2019.09 [topsec] LOLBins详解
• 2019.09 [cybereason] Glupteba Expands Operation and Toolkit with LOLBins And Cryptominer
• 2019.09 [hexacorn] Sitting on the Lolbins, 12
• 2019.08 [hexacorn] Sitting on the Lolbins, 10
• 2019.08 [hexacorn] Sitting on the Lolbins, 11
• 2019.08 [hexacorn] Sitting on the Lolbins, 9
• 2019.08 [hexacorn] Sitting on the Lolbins, 8
• 2019.08 [hexacorn] Sitting on the Lolbins, 7
• 2019.08 [hexacorn] Sitting on the Lolbins, 5
• 2019.08 [hexacorn] Sitting on the Lolbins, 6
• 2019.08 [hexacorn] Sitting on the Lolbins, 4
• 2019.08 [hexacorn] Sitting on the Lolbins, 3
• 2019.08 [hexacorn] Sitting on the Lolbins, 2
• 2019.08 [hexacorn] Sitting on the Lolbins, 1
• 2019.06 [4hou] 恶意软件ADOBE WORM FAKER：通过LOLBins来“订制”你的专属payload
• 2019.06 [cybereason] Adobe Worm Faker Uses LOLbins And Dynamic Techniques To Deliver Customized Payloads
• 2019.05 [hexacorn] msiexec.exe as a LOLBIN
• 2019.05 [hexacorn] VS2005_vcredist_x86.exe as a LOLBIN
• 2019.05 [4hou] 黑客组织TA505利用LoLbin和新型后门攻击金融行业
• 2019.04 [cybereason] Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
• 2019.04 [hexacorn] Installers – Interactive Lolbins, Part 2
• 2019.04 [hexacorn] Installers – Interactive Lolbins
• 2019.04 [hexacorn] Signed Nullsoft Plug-ins – potential Lolbins
• 2019.03 [hexacorn] Squirrel packages’ manager as a lolbin (a.k.a. many Electron apps are lolbins by default)
• 2019.01 [cybereason] Banking Trojan Delivered By LOLbins: How the Ramnit Trojan spreads via sLoad in a cyberattack
• 2019.01 [sans] LOLBin Detection Methods: Seven Common Attacks Revealed
• 2018.08 [hexacorn] A few more LOLBins…
• 2018.08 [hexacorn] Squirrel as a Lolbin
• 2018.08 [hexacorn] PrintDialog.exe – yet another Lolbin for loading DLLs
• 2018.05 [hexacorn] wab.exe as a LOLBin
• 2018.04 [oddvar] 使用GPscript.exe在主机启动时执行脚本
• 2018.04 [hexacorn] I shot the sigverif.exe – the GUI-based LOLBin
• 2018.04 [hexacorn] ExtExport – yet another LOLBin

<a id="e96af0ca0a80b6ab957e1a9b3bbfaa70"></a>SysWhispers

<a id="d731b11009dd22d3df9458b4d43e4550"></a>文章

• 2020.02 [freebuf] SysWhispers：如何通过直接系统调用实现AVEDR绕过

<a id="168d42230cc287e1baccc651367d3e9b"></a>工具

<a id="93ec152efed1e1ec1343cfdac7988c08"></a>资源收集

• [564星][1y] [ASP] landgrey/webshell-detect-bypass 绕过专业工具检测的Webshell研究文章和免杀的Webshell
• [465星][3m] [C#] tidesec/bypassantivirus 远控免杀系列文章及配套工具，搜集汇总了互联网上的几十种免杀工具和免杀方法，并对免杀效果进行了一一测试，为远控的免杀和杀软对抗免杀提供参考。

<a id="f9687c608e750c19c2f8190158a63333"></a>新添加

• [1436星][4m] [Py] ekultek/whatwaf 检测并绕过WAF和保护系统
• [973星][2y] [Py] trycatchhcf/cloakify 数据外泄、渗透一目了然;使用基于文本的隐写术将任何文件类型转换为日常字符串列表;DLP/MLS设备，失效数据白名单控制，分析师的社会工程，规避AV检测
• [507星][4m] [Go] cbeuw/cloak A censorship circumvention tool to evade detection against state adversaries
• [442星][8d] [Assembly] jthuraisamy/syswhispers AV/EDR evasion via direct system calls.
• [435星][7d] [PS] the-xentropy/xencrypt A PowerShell script anti-virus evasion tool
• [298星][12m] [YARA] supportintelligence/icewater YARA rules for the detection of malware and malicious files. the anti-virus industry prefers names for a threat
• [220星][3y] [C++] bee13oy/av_kernel_vulns Pocs for Antivirus Software‘s Kernel Vulnerabilities
• [196星][14d] [Smali] sslab-gatech/avpass Tool for leaking and bypassing Android malware detection system
• [187星][10d] [Py] tijme/angularjs-csti-scanner Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
• [182星][3y] [PHP] lcatro/php-webshell-bypass-waf 分享PHP WebShell 绕过WAF 的一些经验
• [177星][3y] [Py] arno0x/shellcodewrapper 支持多种语言的Shellcode包装器，支持编码/加密。可用于绕过杀软
• [175星][30d] [Go] vyrus001/go-mimikatz A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.
• [173星][16d] [Py] rvn0xsy/cooolis-ms Cooolis-ms is a server that supports the Metasploit Framework RPC. It is used to work with the Shellcode and PE loader. To some extent, it bypasses the static killing of anti-virus software, and allows the Cooolis-ms server to communicate with the Metasploit server. Separation.
• [144星][11d] [C++] ajayrandhawa/keylogger Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture system screenshot and send to ftp server in given time.
• [135星][3m] [C++] huoji120/antivirus_r3_bypass_demo 分别用R3的0day与R0的0day来干掉杀毒软件
• [131星][2y] [Py] cisco-talos/bass 从先前生成的恶意软件集群的样本中自动生成AV签名
• [118星][30d] [C] govolution/avepoc 一些免杀的 poc
• [116星][21d] [C#] p0cl4bs/hanzoinjection injecting arbitrary codes in memory to bypass common antivirus solutions
• [106星][14d] [Shell] jbreed/apkwash Android APK Antivirus evasion for msfvenom generated payloads.
• [100星][1y] [C] kirillwow/ids_bypass 入侵检测系统(IDS)绕过PoC
• [100星][4y] [Py] ym2011/scanbackdoor Webshell扫描工具，通过各种规则和算法实现服务器脚本后门查杀
• [99星][29d] [Go] asche910/flynet A powerful TCP/UDP tool, which support socks5 proxy by tcp and udp, http proxy and NAT traversal. This tool can help you bypass gfw easily
• [89星][11d] [Py] k8gege/scrun BypassAV ShellCode Loader (Cobaltstrike/Metasploit)
• [85星][1m] [Py] llsourcell/antivirus_demo Antivirus Demo for Fresh Machine Learning #7
• [82星][4y] [HTML] vah13/avdetection A simple way for detection the remote user's antivirus
• [76星][2m] [Go] maliceio/malice-av Malice AntiVirus Plugins
• [72星][4y] [Py] monnappa22/hollowfind a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques
• [71星][5y] [Py] robbyfux/ragpicker Ragpicker is a Plugin based malware crawler with pre-analysis and reporting functionalities. Use this tool if you are testing antivirus products, collecting malware for another analyzer/zoo.
• [68星][4m] [PHP] marcocesarato/php-antimalware-scanner AMWSCAN (Antimalware Scanner) is a php antimalware/antivirus scanner console script written in php for scan your project. This can work on php projects and a lot of others platform.
• [65星][10d] [PHP] thekingofduck/bypassavaddusers 绕过杀毒软件添加用户
• [64星][6y] [Py] andrew-morris/stupid_malware Python malware for pentesters that bypasses most antivirus (signature and heuristics) and IPS using sheer stupidity
• [64星][2m] [Py] az0ne/python_backdoor 过360主动防御360杀毒以前99%杀软的python后门
• [63星][17d] [C#] two06/amsi_handler Automate AV evasion by calling AMSI
• [60星][4y] [Batchfile] ayra/zipbomb About an old technology that still screws up some anti virus software
• [59星][5m] [JS] evyatarmeged/humanoid Node.js package to bypass CloudFlare's anti-bot JavaScript challenges
• [56星][3y] [Py] ahm3dhany/ids-evasion Evading Snort Intrusion Detection System.
• [56星][2y] [C++] huoji120/av-killer Antivirus Killer
• [56星][14d] [C#] damonmohammadbagher/nativepayload_reverseshell This is Simple C# Source code to Bypass almost "all" AVS, (kaspersky v19, Eset v12 v13 ,Trend-Micro v16, Comodo & Windows Defender Bypassed via this method Very Simple)
• [52星][2m] [C] stonedreamforest/re_avkmgr 逆向小红伞杀毒软件驱动——avkmgr
• [46星][30d] [Shell] jbreed/apkinjector Android APK Antivirus evasion for msfvenom generated payloads to inject into another APK file for phishing attacks.
• [45星][1m] [Shell] rordi/docker-antivirus Docker antivirus & malware scanning (antivirus as a microservice / antivirus as a container)
• [44星][9m] [HTML] unk9vvn/andtroj A tool for integrating the Metasploit payload with Android's healthy programs and bypassing antivirus
• [42星][15d] [Py] hackedteam/test-av2 Automated antivirus test environment (new version)
• [42星][4m] [C#] ryuzakih/cloudflaresolverre Cloudflare Javascript & reCaptcha challenge (I'm Under Attack Mode or IUAM) solving / bypass .NET Standard library.
• [41星][9y] [C++] cr4sh/ptbypass-poc Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
• [41星][3m] [C++] hackshields/antivirus
• [41星][4m] [C] ntraiseharderror/antihook PoC designed to evade userland-hooking anti-virus.
• [40星][25d] [PS] curtbraz/invoke-neutralizeav Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting
• [39星][23d] [Py] joxeankoret/tahh Source codes for "The Antivirus Hackers Handbook" book.
• [37星][24d] [JS] truework/lambda-s3-antivirus Lambda Function to scan incoming S3 uploads by Truework
• [36星][15d] [Py] hackedteam/test-av Automated antivirus test environment
• [34星][2y] [C#] damonmohammadbagher/nativepayload_arp C# code for Transferring Backdoor Payloads by ARP Traffic and Bypassing Anti-viruses (Slow)
• [33星][3y] [Shell] b3rito/trolo trolo - an easy to use script for generating Payloads that bypasses antivirus
• [27星][4m] [HTML] rafaybaloch/sop-bypass-mini-test-suite This test suite contains over 40 different test cases that have proven to work with different mobile browsers in my research or testing Same Origin Policy bypass issues with browsers. Due credits were given to the researchers whose Proof of concepts have been incorporated in this test suite. Please note that, this is just the beta version, the n…
• [26星][24d] [C] devilogic/xvirus 一个早期的抗启发式查杀的WIN32免杀壳
• [26星][10m] [C] souhailhammou/panda-antivirus-lpe The exploit for Panda AV LPE
• [25星][2y] [C#] damonmohammadbagher/nativepayload_ip6dns C# code for Transferring Backdoor Payloads by IPv6 Address (AAAA) records and DNS Traffic also Bypassing Anti-viruses
• [25星][5m] [C] visweswaran1998/cybergod-ksgmprh An open-source antivirus for windows
• [24星][2m] [PHP] 3xp10it/xwebshell 免杀webshell集合
• [23星][4y] [Py] d4vinci/anti_killer Kill Any Antivirus Using Python For Windows Users .
• [23星][7m] [C#] lockfale/dotnetavbypass-master C# AV bypass jank
• [21星][2m] [C] sanseolab/simpleavdriver Simple AntiVirus Driver example
• [20星][14d] [PHP] pluginkollektiv/antivirus Useful plugin that will scan your theme templates for malicious injections. Automatically. Every day. For more blog security.
• [20星][17d] ajayrandhawa/auto-screen-catpure It is primary designed to be hidden and monitoring the computer activity. Take a screenshot of desktop in hidden mode using Visual C++ and save automatically to 'jpeg' file in every 30 second. 60+ Most Popular antivirus not detect this application while it is running on background.
• [19星][25d] [C] credativ/pg_snakeoil The PostgreSQL Antivirus #pgSnakeOil
• [18星][6m] [C] visweswaran1998/mrida An opensource antivirus implementation - Successor of CyberGod KSGMPRH
• [17星][13d] [HTML] fmind/euphony Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware
• [17星][9m] [Java] wh1t3p1g/monitorclient 网站实时监控文件变动及webshell检测查杀工具
• [15星][4m] [PHP] mahi2/befree Website Security, Antivirus & Firewall || a powerful application that can secure your website against hackers, attacks and other incidents of abuse
• [15星][3y] payatu/quickheal CVE-2017-5005 for Quick Heal Antivirus
• [15星][1m] [C] stonedreamforest/re_avdevprot 逆向小红伞杀毒软件驱动——avdevprot
• [15星][12m] [PHP] tengzhangchao/maskfindshell linux下webshell查杀工具
• [15星][3m] [C] zzy590/basiclibpp A powerful library for inline-hook,lock,compress etc,and it is useful for anti-virus software.
• [15星][12d] [JS] rubaljain/frida-jb-bypass Frida script to bypass the iOS application Jailbreak Detection
• [12星][1y] [Py] huseck/scan_kill_php_shell 针对PHP网马的正则查杀
• [12星][16d] [Go] malice-plugins/windows-defender Malice Windows Defender AntiVirus Plugin
• [12星][2m] [C] serializingme/emofishes Emofishes is a collection of proof-of-concepts that help improve, bypass or detect virtualized execution environments (focusing on the ones setup for malware analysis).
• [11星][2m] behzadmagzer/epcrypter A Tool For Crypt File And Bypass AntiVirus Even msfvenom Payloads
• [11星][16d] [Py] tanc7/dark-lord-obama AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities
• [10星][2y] [C#] arunvnnk/avbypass Techniques that i have used to evade anti-virus during pen tests.
• [8星][5y] [C++] hkhk366/memory_codes_injection Inject codes to another process to watch and operate other process. This is usually used as anti-virus software.
• [8星][6m] [Py] nikhilraghava/ml-antivirus An antivirus powered by machine learning.
• [8星][1y] [Py] xedtech/ceriumav Project Cerium Antivirus
• [8星][3m] [C#] fashionproof/uglyexe UglyEXe - bypass some AVs
• [7星][2m] [C] idigitalflame/inyourmems Windows Antivirus Evasion and Memory Injection
• [7星][2y] zhiyuanwang-chengdu-qihoo360/malwarebytes_poc Malwarebytes Antivirus CVE
• [7星][7m] [JS] ecstatic-nobel/not-anti-virus An attmept to block malware before AV scans it.
• [6星][10m] [Ruby] duke-libraries/ddr-antivirus Antivirus service wrapper
• [6星][1y] 0x4xleakr/darkcrypter DarkCrypter encrypts your files and generates undetectable payloads to evade all anti-virus vendors.
• [5星][2y] [Perl] armadito/armadito-agent Armadito Agent for Antiviruses management
• [5星][8m] [Py] henriksb/virustotalscanner Scan suspicious applications with over 60 different anti-viruses with a mere two clicks and five seconds!
• [5星][12m] [Go] malice-plugins/kaspersky Malice Kaspersky Antivirus Plugin
• [4星][3m] [Py] technowlogy-pushpender/apkinfector Advanced Android AV Evasion Tool Written In Python 3 that can Embed/Bind meterpreter APK to any Legitimate APK
• [4星][4m] [PHP] guardiran/cloudhound CloudHound is a cloudflare bypass tool which is using several methods such as DNS history Checkup, Cross-Site port Attack and etc to detect original Server's IP
• [3星][2y] [JS] cranic/node-virus EICAR testing signature for anti-virus testing purpouses.
• [3星][3m] [Java] gabriellhuver/baafjava Metasploit powershell exec in java, bypass any antivirus. You can enter the url .txt powershell payload script, and the jar download and exec this on the victim pc.
• [3星][1y] [Go] malice-plugins/mcafee Malice McAfee AntiVirus Plugin
• [3星][2y] [HTML] raikar/attack-docs This repo contains comprehensive lists of attack payloads known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, http header crlf injections, and more
• [2星][2y] [C++] k0keoyo/vir.it-explorer-anti-virus-null-pointer-reference-poc
• [2星][2y] kernelm0de/cve-2018-8090 DLL Hijacking in Quickheal Total Security/ Internet Security/ Antivirus Pro (Installers)
• [2星][5m] [Py] mado-95/madcrypt Simple script that strips/compresses/signs any PE in an effort to lower antivirus detection ratio.
• [2星][3m] rubyfly/k7antivirus_poc K7AntiVirus_POC
• [2星][2y] [C] sqdwr/deletefilebycreateirp 通过创建Irp删除文件，代码抄袭自某杀毒软件*86部分，因此可以看到IDA痕迹
• [2星][2y] zhiyuanwang-chengdu-qihoo360/escanav_poc escanAntivirus CVE
• [2星][2y] zhiyuanwang-chengdu-qihoo360/k7_antivirus_poc K7 Antivirus CVE
• [1星][7y] [Py] daveclowe/mcbup Python script which converts McAfee quarantine files back to their native format, generates an MD5 hash, and queries the VirusTotal API for antivirus scan results.
• [1星][2y] [Java] pnfsoftware/jeb2-plugin-avqu JEB Plugin Extractor for Anti-Virus Quarantine files
• [1星][3y] [Java] sanjeet990/android-antivirus-project This is an Antivirus project for Android that I created for my college project.
• [1星][4y] [Java] sushanthikshwaku/antiv Anti virus app for android using VirusTotal
• [1星][2y] zhiyuanwang-chengdu-qihoo360/jiangmin_antivirus_poc Jiangmin_Antivirus_CVE
• [1星][2y] zhiyuanwang-chengdu-qihoo360/maxsecureantivirus_poc MaxSecureAntivirus CVE
• [1星][2y] zhiyuanwang-chengdu-qihoo360/nprotectantivirus_poc nProtectAntivirus_CVE
• [1星][2y] zhiyuanwang-chengdu-qihoo360/zillyaantivirus_poc ZillyaAntivirusCVE
• [0星][2y] d0nemkj/poc_bsod Antivirus software's BSOD poc
• [0星][2y] [C++] mmmxny/k7-antivirus
• [0星][2y] eonrickity/cve-2017-0213 Fixed No Virus Manual Automatic Loader exe no zip because zip picks up the anti virus detector.
• [0星][4m] [Py] giacomoferro/antivirus-detection-analysis Software Security project - Malware Detection Analysis A.A. 2019/2020.
• [None星][C#] med0x2e/noamci Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
• [None星]hack2fun/bypassav Cobalt Strike插件，用于快速生成免杀的可执行文件
• [None星][C] reddyyz/ghostshell Malware indetectable, with AV bypass techniques, anti-disassembly, etc.

<a id="43ab3b50407757fdb5a2b9cb2c3e4cad"></a>文章

<a id="eb021f60cbd17bdf75a241a68fa0986e"></a>新添加

• 2020.05 [eforensicsmag] Simple Techniques to Bypass AVs | By Siddharth Sharma
• 2020.05 [secplicity] MedusaLocker Ransomware Will Bypass Most Antivirus Software
• 2020.04 [t00ls] CobaltStrike Powershell Bypass AV 初探
• 2020.03 [kitploit] Oce Colorwave 500 CSRF / XSS / Authentication Bypass
• 2020.03 [zerodayinitiative] Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability
• 2020.03 [freebuf] 关于分段免杀执行的思考
• 2020.03 [hakin9] Xencrypt - A PowerShell script anti-virus evasion tool
• 2020.02 [markmotig] UglyEXe — bypass some AVs
• 2020.02 [aliyun] 那些shellcode免杀总结
• 2020.02 [virtuesecurity] Evading Antivirus with Better Meterpreter Payloads
• 2020.01 [ionize] Detecting AMSI Bypass
• 2019.12 [aliyun] shellcode加密过杀软
• 2019.12 [andrea] Bypass Win AV and Firewall with powershell code
• 2019.12 [LoiLiangYang] Evade Detection with Auto Process Migration on Shell Exploit (Cybersecurity)
• 2019.12 [sarang6489] Root Detection Bypass With Frida.
• 2019.12 [trendmicro] Waterbear is Back, Uses API Hooking to Evade Security Product Detection
• 2019.12 [sarang6489] Root Detection Bypass By Manual Code Manipulation.
• 2019.11 [eforensicsmag] Bypassing AVs by C# Managed Code (Reverse Shell) | By Damon Mohammadbagher
• 2019.11 [deepsec] ROOTS 2019 Talk: Shallow Security: on the Creation of Adversarial Variants to Evade ML-Based Malware Detectors – Fabricio Ceschin
• 2019.11 [two06] AMSI as a Service — Automating AV Evasion
• 2019.11 [dodgethissecurity] Hancitor. Evasive new waves, and how COM objects can use Cached Credentials for Proxy Authentication.
• 2019.10 [trustedsec] Discovering the Anti-Virus Signature and Bypassing It
• 2019.10 [vmray] [Risky Business Podcast] 3 Approaches that Evade Static Machine Learning Detection
• 2019.09 [carbonblack] CB TAU Threat Intelligence Notification: Qbot/Qakbot Attempts to Evade Detection By Overwriting Itself
• 2019.09 [aliyun] 使用C＃编写自定义后门负载》学习笔记及免杀尝试
• 2019.07 [freebuf] 安全视角下的木马免杀技术讨论
• 2019.07 [aliyun] MSF利用python反弹shell-Bypass AV
• 2019.06 [bugbountywriteup] Antivirus Evasion with Python
• 2019.05 [arxiv] [1905.13409] Bypassing Backdoor Detection Algorithms in Deep Learning
• 2019.05 [benoit] PowerShell AV evasion
• 2019.05 [4hou] 绕过杀软：通过网络接收ShellCode的无文件攻击方式与检测方法
• 2019.05 [freebuf] 绕过杀软！SQL Server Transact-SQL 的无文件攻击姿势
• 2019.05 [4hou] 绕过杀软！SQL Server Transact-SQL的无文件攻击姿势
• 2019.05 [freebuf] 零杀软检出，我国遭到“海莲花”新手法攻击
• 2019.04 [threatbook] 【微步在线报告】零杀软检出，我国遭到“海莲花”新手法攻击
• 2019.04 [astr0baby] Metasploit payloads evasion against Linux AV
• 2019.04 [fbotes2] Advance AV Evasion Symantec and P4wnP1 USB
• 2019.04 [crowdstrike] Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber”
• 2019.03 [f5] How Malware Evades Detection
• 2019.03 [govolution] Antivirus Evasion on OSX
• 2019.03 [0x00sec] [FUN] Bypass XSS Detection WAF
• 2019.03 [yoroi] Evading AV with JavaScript Obfuscation
• 2019.03 [bromium] Tricks and COMfoolery: How Ursnif Evades Detection
• 2019.02 [aliyun] 渗透利器Cobalt Strike - 第2篇 APT级的全面免杀与企业纵深防御体系的对抗
• 2019.02 [4hou] 使用Cobalt Strike和Gargoyle绕过杀软的内存扫描
• 2019.02 [aliyun] Bypass AVs to Add Users
• 2019.02 [cybereason] The Newest Variant of the Astaroth Trojan Evades Detection in the Sneakiest Way
• 2019.02 [aliyun] 从静态到动态打造一款免杀的antSword(蚁剑)
• 2019.01 [paloaltonetworks] Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security
• 2019.01 [0x00sec] Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell
• 2019.01 [lookout] Lookout researchers disable Android malware designed to evade detection
• 2019.01 [t00ls] 投稿文章：Bypass Applocker + 免杀执行任意 shellcode [ csc + installUtil ]
• 2019.01 [proofpoint] Phishing template uses fake fonts to decode content and evade detection
• 2019.01 [abend] Bypassing anti virus using powershell
• 2018.12 [cyberarms] AV & AMSI Bypass with Magic Unicorn
• 2018.11 [0x00sec] New AV Bypass techniques
• 2018.10 [360] 老树开新花：利用Excel 4.0宏躲避杀软检测的攻击技术分析
• 2018.10 [checkpoint] How To Detect LibSSH Authentication Bypass for EC2 Instances | Check Point Software Blog
• 2018.10 [aliyun] 深入了解Metasploit框架的AV免杀新功能
• 2018.10 [rapid7] Metasploit's First Antivirus Evasion Modules: Evading AV Detection
• 2018.10 [reversinglabs] eWeek: Cisco Talos and ReversingLabs warn that the Adwind Remote Access Trojan (RAT) has added capabilities that enable it bypass some anti-virus technologies
• 2018.09 [aliyun] 攻击者是如何利用Delphi加壳器来实现免杀的
• 2018.09 [360] 利用Office公式编辑器特殊处理逻辑的免杀技术分析（CVE-2017-11882）
• 2018.09 [venus] 利用了Office公式编辑器特殊处理逻辑的最新免杀技术分析（CVE-2017-11882）
• 2018.09 [DoktorCranium] Bypassing latest Avast AV on Windows 10 x86_64
• 2018.09 [astr0baby] Bypassing latest Avast AV on Windows 10 x86_64
• 2018.09 [arxiv] [1809.00615] Have You Stolen My Model? Evasion Attacks Against Deep Neural Network Watermarking Techniques
• 2018.08 [alienvault] Antivirus Evasion for Penetration Testing Engagements
• 2018.08 [arxiv] [1808.04218] Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection
• 2018.08 [radware] Drive-By Cryptomining: Another Way Cyber-Criminals Are Trying to Evade Detection
• 2018.07 [aliyun] 通过操控MIME让病毒邮件五步轻松过杀软
• 2018.06 [360] win10内存执行meterpreter绕过杀软第二弹
• 2018.06 [freebuf] 技术讨论 | NjRAT通过base64编码加密混淆Code免杀绕过360杀毒实验
• 2018.06 [injection] OSCP Journey Part 15.0 (Bettercap, Merlin, and 1000 subs!/MitM+AV Evasion)
• 2018.06 [n00py] Executing Meterpreter in Memory on Windows 10 and Bypassing AntiVirus (Part 2)
• 2018.06 [freebuf] 技术讨论 | Windows 10进程镂空技术（木马免杀）
• 2018.06 [n00py] 在内存中执行Meterpreter并绕过AV(Win10)
• 2018.05 [aliyun] 构造免杀的asp一句话木马
• 2018.05 [ironcastle] Antivirus Evasion? Easy as 1,2,3, (Fri, May 25th)
• 2018.05 [sans] Antivirus Evasion? Easy as 1,2,3
• 2018.04 [trendmicro] 僵尸软件Necurs利用互联网快捷方式文件(Internet Shortcut File)躲避垃圾邮件检测(TrendMicro)
• 2018.04 [freebuf] 利用DiskShadow服务实现免杀持久化控制以及活动目录数据库提取
• 2018.04 [freebuf] Metasploit的简单木马免杀技术及后渗透面临的问题
• 2018.03 [freebuf] 利用了多种Office OLE特性的免杀样本分析及溯源
• 2018.03 [360] 利用了多种Office OLE特性的免杀样本分析及溯源
• 2018.03 [tan6600] 木马核心技术剖析读书笔记之木马免杀
• 2018.03 [arxiv] [1803.04173] Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables
• 2018.03 [crowdstrike] Too Accessible: How CrowdStrike Falcon Detects and Prevents Windows Logon Bypasses
• 2018.03 [infosecinstitute] Android Root Detection Bypass by Reverse Engineering APK
• 2018.03 [freebuf] 经验分享 | 一句话免杀编写思路
• 2018.02 [marcoramilli] Control Flow Integrity: a Javascript Evasion Technique
• 2018.01 [trustedsec] Very high level of confidence’ Russia used Kaspersky software for devastating NSA leaks, Featuring David Kennedy – Yahoo Finance
• 2018.01 [pentesttoolz] How to Create Undetectable Python Payloads that Bypass Antiviruses – Kali Linux 2017.3
• 2018.01 [digitalforensicstips] Ghostwriting for Antivirus Evasion in 2018
• 2018.01 [hyperiongray] Malicious Excel DDE Execution with ML AV Bypass and Persistence
• 2017.12 [evi1cg] BypassAV With ReflectivePEInjection
• 2017.12 [freebuf] Meterpreter免杀及对抗分析
• 2017.12 [freebuf] Windows Payload免杀方法实验
• 2017.12 [4hou] 杀软对抗：一个面向渗透工程师的杀软绕过思路分享（含实现代码）
• 2017.11 [freebuf] 海莲花团伙利用MSBuild机制免杀样本分析
• 2017.11 [freebuf] Metasploit自动化Bypass Av脚本：Shecodject X Shellcode Injection
• 2017.11 [360] 海莲花团伙利用MSBuild机制免杀样本分析
• 2017.11 [venus] 海莲花团伙利用MSBuild机制免杀样本分析
• 2017.10 [insinuator] 使用 Mimikatz 提取“不可导出”的证书和私钥，使用 Powersploit 躲避 AV 检测
• 2017.10 [secist] PHP之编写日志文件留后门（免杀）
• 2017.10 [icebrg] APT 组织 FIN7 使用新技巧躲避检测
• 2017.08 [freebuf] BlackHat后续：可绕过杀软的免杀工具AVPASS？随我一探究竟
• 2017.08 [pediy] [原创]BlackHat后续：可绕过杀软的免杀工具AVPASS？360:独家解析
• 2017.08 [cybereason] Cerber ransomware variants now actively try to detect and evade Canary files
• 2017.08 [freebuf] 工具解析|杀毒引擎惨遭打脸，黑帽大会爆惊天免杀工具
• 2017.08 [crowdstrike] How to Block Malicious PowerShell Activity: Bypassing Traditional AV
• 2017.07 [freebuf] 安天移动安全联合猎豹揭秘无形之贼Dosoft免杀病毒
• 2017.07 [pentestlab] 绕过反病毒软件和主机入侵检测系统
• 2017.07 [avlsec] 安天移动安全联合猎豹揭秘无形之贼Dosoft免杀病毒
• 2017.07 [hackers] How to Evade Detection with proxychains
• 2017.07 [DoktorCranium] Bypassing Antivirus on modern OSX with metasploit
• 2017.07 [freebuf] 恶性病毒Pengex通过系统盘疯狂传播，攻击所有主流杀软却唯独放过腾讯
• 2017.07 [4hou] 恶性病毒Pengex通过系统盘疯狂传播：攻击所有主流杀软，唯独放过腾讯
• 2017.07 [venus] 恶性病毒 Pengex 通过系统盘疯狂传播 攻击所有主流杀软 唯独放过腾讯
• 2017.06 [govolution] Using msf alpha_mixed encoder for antivirus evasion
• 2017.06 [pediy] [原创]改一个字节轻松免杀，从蓝屏电脑发现腾讯“暗云Ⅲ木马专杀”的坑爹技术
• 2017.06 [freebuf] Metasploit实验：制作免杀payload+对任意“外网”主机的远控
• 2017.06 [eyeofrablog] Bypass antivirus with simple RTF tricks.
• 2017.06 [ms509] 分享一种可关闭大多数杀软的技术（对360安全卫士已验证成功）
• 2017.06 [freebuf] 分享一种可关闭大多数杀软的技术（对360安全卫士已验证成功）
• 2017.05 [360] CVE-2017-0199结合powershell过杀软弹回meterpreter
• 2017.05 [pediy] [原创]免杀技术有一套（免杀方法大集结）(Anti-AntiVirus)
• 2017.05 [arxiv] [1705.07263] Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods
• 2017.05 [crowdstrike] How to Install Falcon Antivirus (AV) on the Mac Platform
• 2017.05 [attify] 如何使用Frida绕过iOS应用的越狱检测
• 2017.05 [attify] Bypass Jailbreak Detection with Frida in iOS applications
• 2017.05 [hackers] How to Evade AV with OWASP-ZSC, Part 1
• 2017.05 [mcafee] Cerber Ransomware Evades Detection With Many Components
• 2017.05 [mcafee] Cerber Ransomware Evades Detection With Many Components
• 2017.04 [countercept] AV Bypass Techniques through an EDR Lens
• 2017.04 [countercept] 常用通过自解密绕过杀软的技巧分析，以及 EDR 如何防护。（EDR：Endpoint Detection & Response，终端检测和相应）
• 2017.04 [hipaajournal] Webroot AV Update Failure Causes Havoc: Windows System Files and EXE Files Quarantined
• 2017.04 [aliyun] Cobalt Strike搭建和使用以及bybass杀软
• 2017.04 [securelist] Old Malware Tricks To Bypass Detection in the Age of Big Data
• 2017.03 [4hou] 免杀的艺术：史上最全的汇编Shellcode的技巧（三）
• 2017.03 [4hou] 免杀的艺术：PE文件后门的植入（二）
• 2017.03 [360] 针对利用DNS的TXT记录查询进行通信绕过杀软检测的木马分析
• 2017.03 [4hou] 免杀艺术 1: 史上最全的免杀方法汇总
• 2017.03 [cobbr] ObfuscatedEmpire - Use an obfuscated, in-memory PowerShell C2 channel to evade AV signatures
• 2017.03 [redcanary] Bypassing Application Whitelisting: How IT Teams Can Detect It
• 2017.02 [360] 通过DNS传输后门来绕过杀软
• 2017.01 [crowdstrike] How to Replace Traditional Antivirus (AV) with CrowdStrike Falcon
• 2017.01 [HackersOnBoard] DEF CON 24 - The Remote Metamorphic Engine - Detecting - Evading - Attacking
• 2017.01 [4hou] 如何绕过杀软执行 Mimikatz？
• 2017.01 [averagesecurityguy] Bypassing AntiVirus with Golang
• 2017.01 [blackhillsinfosec] How to Bypass Anti-Virus to Run Mimikatz
• 2016.12 [HackingMonks] Honeypots (create,detect and bypass)
• 2016.12 [kalitutorials] Use Python To Detect And Bypass Web Application Firewall
• 2016.12 [pentest] Art of Anti Detection 1 – Introduction to AV & Detection Techniques
• 2016.11 [360] assert免杀一句话
• 2016.11 [morphisec] New Wave of Hancitor Comes with New Evasive Techniques
• 2016.11 [0x00sec] Pirating Illegally - How to Evade ISP Detection
• 2016.11 [freebuf] Meterpreter免杀技巧分享（亲测有效）
• 2016.11 [vkremez] Bypassing Anti-Virus Signature Detection
• 2016.10 [qq] 宏病毒利用EnumDateFormats执行Shellcode创建傀进程绕杀软
• 2016.10 [4hou] 如何打造一款免杀Metasploit WAR木马？
• 2016.10 [brokenbrowser] Detecting Local Files to Evade Analysts (IE)
• 2016.10 [ms509] 可关闭大部分杀软的技术？针对360卫士已验证成功
• 2016.08 [qq] BootKit成“异鬼”：通过感染VBR绕过杀软
• 2016.08 [blackhillsinfosec] Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV
• 2016.08 [LoiLiangYang] How Does Antivirus Software Work And How To Evade It
• 2016.08 [360] js敲诈者变种利用PowerShell免杀分析
• 2016.08 [fortinet] New Era in Anti-Virus Detection Evasions
• 2016.07 [netnea] Having Fun with New Evasions
• 2016.07 [virusbulletin] Paper: The Journey of Evasion Enters Behavioural Phase
• 2016.07 [securitygossip] Evading Android Runtime Analysis via Sandbox Detection
• 2016.07 [sjtu] Evading Android Runtime Analysis via Sandbox Detection
• 2016.07 [blackhillsinfosec] Three Simple Disguises for Evading Antivirus
• 2016.06 [duo] Ransomware Evades Antivirus and Microsoft Security Tools, Targets Office 365
• 2016.06 [mcafee] Threat Actors Employ COM Technology in Shellcode to Evade Detection
• 2016.06 [mcafee] Threat Actors Employ COM Technology in Shellcode to Evade Detection
• 2016.05 [8090] 使用橡皮鸭硬件绕过杀软，渗透Win 7
• 2016.05 [freebuf] 使用橡皮鸭硬件绕过杀软，渗透Win 7
• 2016.05 [trustlook] Fake Adobe Flash App Evades Most Anti Virus Detection, Manipulates Phone by Command & Control Server in Latvia
• 2016.04 [rsa] Detection of Squiblydoo COM+ Whitelist Bypassing with ECAT
• 2016.04 [blackhillsinfosec] How to Bypass Application Whitelisting & AV
• 2016.04 [gracefulsecurity] Adventures in Anti-Virus Evasion
• 2016.04 [arno0x0x] Meterpreter stage AV/IDS evasion with powershell
• 2016.03 [freebuf] 如何利用十行代码，绕过杀毒软件实现免杀？
• 2016.03 [hackingarticles] Hack Remote Windows 10 PC using ARCANUS (Bypass All Antivirus)
• 2016.03 [attactics] Bypassing Antivirus With Ten Lines of Code or (Yet Again) Why Antivirus is Largely Useless
• 2016.02 [evi1cg] bypassAV_hanzoInjection
• 2016.02 [notsosecure] Bypassing Jailbreak Detection in iOS
• 2016.01 [] 我是标题党：免杀所有杀软的端口转发工具
• 2016.01 [cylance] CylancePROTECT® is the First Signature-less Next Generation Antivirus to be Certified by AV-TEST
• 2016.01 [securitygossip] Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
• 2016.01 [sjtu] Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
• 2016.01 [paloaltonetworks] Angler Exploit Kit Continues to Evade Detection: Over 90,000 Websites Co
• 2015.12 [ensilo] You’re so predictable: the AV vulnerability that bypasses mitigations
• 2015.12 [alienvault] Cherry Picker POS Malware Scraping Memory and Evading Detection
• 2015.11 [freebuf] 修改Metasploit x64模版逃避杀软
• 2015.10 [blackhillsinfosec] Modifying Metasploit x64 template for AV evasion
• 2015.10 [trendmicro] New Headaches: How The Pawn Storm Zero-Day Evaded Java’s Click-to-Play Protection
• 2015.09 [] 使用shellcode打造MSF免杀payload
• 2015.09 [kaspersky] AV-Comparatives awards Kaspersky Lab’s Anti-phishing technology
• 2015.08 [freebuf] Payload生成器：Metasploit AV Evasion
• 2015.08 [alienvault] FF-RAT Uses Stealth Tactics to Evade Endpoint Detection
• 2015.08 [secist] 转载：PHP一句话过安全狗、360主机卫士、D盾等免杀思路！
• 2015.07 [ly0n] Basic AV bypass
• 2015.07 [ly0n] Basic AV bypass
• 2015.07 [hackingarticles] Bypass Antivirus and Hack Remote Windows PC with shelter
• 2015.07 [mcafee] Threat Actors Use Encrypted Office Binary Format to Evade Detection
• 2015.07 [mcafee] Threat Actors Use Encrypted Office Binary Format to Evade Detection
• 2015.06 [sans] CVE-2014-4114 and an Interesting AV Bypass Technique
• 2015.06 [wojdwo] Bypassing malware detection mechanisms in online banking
• 2015.06 [mrg] Generic bypass of next-gen intrusion / threat / breach detection systems
• 2015.05 [trustwave] Malicious Macros Evades Detection by Using Unusual File Format
• 2015.04 [trustlook] Trustlook Antivirus & Mobile Security Ranked Top In AV-TEST With Best Score
• 2015.04 [lastline] Malware in the Wild: Evolving to Evade Detection
• 2015.03 [mcafee] POS Malware Uses Time-Stamp Check to Evade Detection
• 2015.03 [mcafee] POS Malware Uses Time-Stamp Check to Evade Detection
• 2015.03 [y0nd13] Bypassing AV in 2015
• 2015.03 [securitysift] peCloak.py – An Experiment in AV Evasion
• 2015.03 [sans] How Malware Generates Mutex Names to Evade Detection
• 2015.03 [duo] Password-Stealing Tool Targets Windows; Evades Antivirus
• 2015.02 [leonjza] a trivial iOS jailbreak detection bypass
• 2015.02 [] 手工打造Windows下编译的免杀Payload
• 2014.11 [arxiv] [1411.6777] Modified Apriori Approach for Evade Network Intrusion Detection System
• 2014.08 [3xp10it] assert免杀一句话
• 2014.08 [3xp10it] 免杀
• 2014.08 [3xp10it] 免杀
• 2014.08 [3xp10it] assert免杀一句话
• 2014.08 [sevagas] Bypass Antivirus Dynamic Analysis
• 2014.07 [privacy] AV Evasion 6: Best-Performing Tactics
• 2014.07 [privacy] AV Evasion 5: Blending in Instead of Hiding the Bad
• 2014.07 [privacy] AV Evasion 4: Encoders and Fuzzy NOPs Fail
• 2014.07 [privacy] AV Evasion 3: EXE Templates and Run-Time Dynamic Linking
• 2014.06 [hackwhackandsmack] JavaRMI Remote Class Loading Exploitation with AV Bypass
• 2014.06 [privacy] AV Evasion 2: Hurdles for Metasploit Payload Execution
• 2014.06 [privacy] AV Evasion: Lessons Learned
• 2014.05 [govolution] Article about Antivirus Evasion
• 2014.05 [mcafee] Necurs, Zbot Droppers Use Obfuscated Windows XP Detection to Bypass Automated Analysis
• 2014.05 [mcafee] Necurs, Zbot Droppers Use Obfuscated Windows XP Detection to Bypass Automated Analysis
• 2014.05 [rapid7] Is AV dead? Why Symantec's executive is only half right about the state of anti-virus software
• 2014.05 [rapid7] Anti-Virus Evasion Makes Vulnerability Validation More Accurate
• 2014.04 [rapid7] From the Trenches: AV Evasion With Dynamic Payload Generation
• 2014.03 [rapid7] New Metasploit 4.9 Helps Evade Anti-Virus Solutions, Test Network Segmentation, and Increase Productivity for Penetration Testers
• 2014.01 [ethicalhackingnews] How to Change the Signature of Metasploit Payloads to Evade Antivirus Detection
• 2014.01 [rapid7] Security Guide - Evading Anti-Virus Detection
• 2013.11 [] 闲谈 bypass AV
• 2013.10 [deepsec] DeepSec 2013 Talk: Easy Ways To Bypass Anti-Virus Systems
• 2013.10 [rsa] New Kazy Variant Evades Research Detection Using "Chameleon Encoding"
• 2013.08 [trustlook] Craig Young's POC malware bypassed all security detection
• 2013.08 [hackingarticles] Bypass Antivirus and Hack Remote Windows PC with Syringe
• 2013.08 [] 利用procdump+Mimikatz 绕过杀软获取Windows明文密码
• 2013.07 [pediy] [原创]导入表静态特征免杀
• 2013.06 [reverse] Gone in 59 seconds: tips and tricks to bypass AppMinder’s Jailbreak detection
• 2013.06 [] 对于脚本木马的免杀(特别针对安全狗的V3.0)的经验附过狗菜刀
• 2013.06 [] 好免杀，hyperion造
• 2013.06 [] 那些年一起绕过的杀软
• 2013.05 [trendmicro] Blackhole Spam Run Evades Detection Using Punycode
• 2013.04 [rsa] Zeus C&C Server Poses as Google to Evade Detection
• 2013.04 [mcafee] Phishing Threat Uses UTF-8 BOM in ZIP Signature to Evade Detection
• 2013.03 [malwarebytes] New Exploit Kit, Ransomware and AV evasion
• 2013.02 [mcafee] Evasion Techniques: Encoded JavaScript Attacks PDF Files
• 2013.01 [netspi] Bypassing Anti-Virus with Metasploit MSI Files
• 2013.01 [rapid7] Evading Anti-Virus Detection - Whiteboard Wednesday
• 2013.01 [netspi] 10 Evil User Tricks for Bypassing Anti-Virus
• 2012.12 [hackingarticles] Bypassing Antivirus using Multi Pyinjector Shell Code Injection in SET Toolkit
• 2012.12 [pediy] [原创]一种绕过现代杀软主动防御功能的思路
• 2012.11 [cyberarms] Bitdefender wins Anti-Virus Test while Microsoft AV Failed Certification
• 2012.10 [] 免杀shell-weevely分析
• 2012.09 [y0nd13] Bypass PHP ShellDetector: Poorman Style
• 2012.09 [] 最新免杀php后门一句话
• 2012.08 [christophertruncer] Bypass Antivirus with Meterpreter as the Payload & Hyperion Fun
• 2012.08 [hackingarticles] Hack Windows7 PC using Powershell Attack Vector in Social Engineering Toolkit (Bypassing Antivirus)
• 2012.08 [cyberarms] Social Engineering Toolkit: Bypassing Anti-Virus using Powershell
• 2012.07 [rapid7] New Metasploit 4.4: Risk Validation for Vulnerability Management with Nexpose, Improved AV Evasion, and Faster UI
• 2012.07 [trustedsec] Egress Buster Reverse Shell and Bypassing AV
• 2012.07 [DoktorCranium] Comodo Internet Security AV & Sandbox bypass
• 2012.05 [] 关于php一句话免杀的分析
• 2012.02 [reverse] AV-monster: the monster that loves yummy OS X anti-virus software
• 2011.08 [pediy] [翻译]Bypassing AntiVirus Detection for Malicious PDFs
• 2011.05 [y0nd13] Evading Antivirus Emulator using stealth meterpreter
• 2011.01 [elearnsecurity] Evading Antiviruses with msfencode
• 2010.12 [scrt] Bypass “Simple” de proxy antivirus
• 2010.08 [console] Bypassing AntiVirus With Process Injection
• 2010.06 [trustedsec] Anti-Virus Evasion through JavaScript Obfuscation
• 2010.04 [krebsonsecurity] Fake Anti-virus Peddlers Outmaneuvering Legitimate AV
• 2009.05 [skullsecurity] Bypassing AV over the Internet with Metasploit
• 2008.01 [oberheide] Detecting and Evading CWSandbox
• 2007.10 [pediy] [原创]Keymake脱壳+补附加数据+免杀
• 2006.12 [sans] Malformed MIMEs can bypass AV
• 2006.06 [sans] Snort URL evasion vulnerability patched and version 2.6.0 available
• 2005.11 [sans] F-Prot Anti-Virus Scanning Engine Bypass
• 2004.10 [sans] Multiple anti-virus software evasion

<a id="d9b2e74a805ed64182b5784b7fa2a4fb"></a>Msfvenom

<a id="5a642a096788ca0c11bef126b533c6ad"></a>Msfvenom

• 2018.08 [code610] venome.sh - simple msfvenom "generator"
• 2017.09 [n0where] MSFvenom Payload Creator: MSFPC
• 2017.07 [hackers] Metasploit Basics, Part 9: Using msfvenom to Create Custom Payloads
• 2017.05 [secist] Msfvenom学习总结
• 2016.12 [8090] Metasploit应用笔记-msfvenom生成meterpreter后门代码
• 2016.07 [korznikov] msfvenom Bash Completion Generator
• 2016.05 [blackhillsinfosec] Advanced Msfvenom Payload Generation
• 2015.07 [n0where] Msfvenom Payload Creator: MPC
• 2015.07 [freebuf] Meatsploit Framework msfvenom使用简介
• 2014.03 [rapid7] Like msfvenom? Here's A Faster Way to Generate Stand-alone Metasploit Payloads

<a id="7730a4447da61926c4f582db6ee96b32"></a>Youtube

• 2019.11 [LoiLiangYang] Live Android Hacking with MSFVenom
• 2019.04 [JosephDelgadillo] Learn System Hacking E9: Creating Windows Payloads with MSFvenom
• 2019.04 [HackerSploit] How To Setup Port Forwarding For Msfvenom Android Payloads (WAN)
• 2019.03 [HackerSploit] Manually Embedding Msfvenom Payloads In APK's - Proof Of Concept
• 2018.12 [HackerSploit] Generating Shellcode With Msfvenom
• 2018.07 [HackerSploit] Generating Android Payloads With Msfvenom - Reverse TCP/Meterpreter
• 2018.06 [HackerSploit] AV/IDS Evasion With Msfvenom - Payload Encoding Through Obfuscation

<a id="e59f6ecd26ef69cefe42e7362af6aa0f"></a>hackingarticles

• 2018.03 [hackingarticles] Generating Reverse Shell using Msfvenom (One Liner Payload)
• 2017.11 [hackingarticles] Msfvenom Tutorials for Beginners
• 2017.04 [hackingarticles] 2 ways to use Msfvenom Payload with Netcat
• 2017.03 [hackingarticles] Hiding Shell with Prepend Migrate using Msfvenom
• 2017.03 [hackingarticles] Capture VNC Session of Remote PC using Msfvenom
• 2016.07 [hackingarticles] Hack Remote Windows PC using Macros with Msfvenom
• 2012.08 [hackingarticles] Hack Remote Windows 7 PC Easy Way (Msfvenom Tutorial)

<a id="fd930c71d4f8d16ee4a993e04e618394"></a>AntiVirus

• 2020.03 [0x00sec] How to protect my virus.exe from Anti-virus with Kernel-Mode Rootkit
• 2020.01 [0x00sec] Anti-virus Exploitation: Malwarebytes 4.0.4 - Protection Not Found - Hijacking Malwarebytes via COM IPC
• 2020.01 [BlackHat] Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator
• 2019.11 [0x00sec] Anti-virus Exploitation: Local Privilege Escalation in K7 Security (CVE-2019-16897)
• 2019.11 [0x00sec] How do you think malware authors will adapt to AI/ML based Anti-Virus detection?
• 2019.10 [virusbulletin] Stalkerware poses particular challenges to anti-virus products
• 2019.10 [HackersOnBoard] Windows Offender Reverse Engineering Windows Defender's Antivirus Emulator
• 2019.10 [sentinelone] CyberSecurity Breakthrough Awards Name SentinelOne Overall Antivirus Solution Provider of 2019
• 2019.09 [TechnicalMujeeb] Termux Antivirus - install & use Antivirus in Termux - android
• 2019.08 [rce4fun] Comodo Antivirus - Sandbox Race Condition Use-After-Free (CVE-2019-14694)
• 2019.07 [microsoft] How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
• 2019.05 [rce4fun] Panda Antivirus - Local Privilege Escalation (CVE-2019-12042)
• 2019.02 [cybereason] Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
• 2019.01 [crowdstrike] Next-Gen Antivirus
• 2019.01 [kaspersky] SiliVaccine: Antivirus from North Korea
• 2019.01 [csoonline] Best Android antivirus? The top 13 tools
• 2019.01 [trustlook] Trustlook is one of the best Anti-Virus engines provider
• 2019.01 [trustlook] Trustlook is one of the best Anti-Virus engines provider
• 2019.01 [sans] Anti-virus No Thanks
• 2019.01 [sans] Antivirus is NOT Dead
• 2018.11 [stationx] New Sandbox Mode for Windows 10 Defender Antivirus: Here’s why you should pay attention…
• 2018.11 [csoonline] Best Android antivirus? The top 13 tools
• 2018.11 [antonioparata] Sacara VM Vs Antivirus Industry
• 2018.11 [minerva] How can malware authors determine whether their tools will be detected by antivirus solutions
• 2018.11 [MalwareAnalysisForHedgehogs] Why There Is No Perfect Antivirus Scanner
• 2018.10 [microsoft] Windows Defender Antivirus can now run in a sandbox
• 2018.10 [gdatasoftware] Next-Generation Antivirus: How G DATA can protect customers from unknown threats
• 2018.09 [kaspersky] Why there’s no antivirus for iOS
• 2018.07 [ensurtec] A story about “free” antivirus
• 2018.06 [csoonline] Best Android antivirus? The top 12 tools
• 2018.06 [alienvault] SMBs: 3 Signs It’s Finally Time to Replace Your AntiVirus
• 2018.06 [arxiv] [1806.04773] Static Malware Detection & Subterfuge: Quantifying the Robustness of Machine Learning and Current Anti-Virus
• 2018.06 [landave] F-Secure的反病毒软件受7z的RCE漏洞影响
• 2018.05 [360] 挖矿软件利用Windows内置工具躲避杀软
• 2018.05 [trendmicro] Operators of Counter Antivirus Service Scan4You Convicted
• 2018.05 [csoonline] Best Android antivirus? The top 11 tools
• 2018.05 [checkpoint] SiliVaccine: A Special Report Into North Korea’s Anti-Virus
• 2018.05 [checkpoint] 朝鲜本土的AV软件SiliVaccine分析. SiliVaccine的核心组件"参考"了趋势科技10年前软件组件的代码
• 2018.04 [infosecinstitute] Configuration of Anti-Virus and Anti-Malware Software within an ICS Environment
• 2018.03 [cybereason] 由AutoHotKey脚本编写的窃密软件Fauxpersky分析
• 2018.03 [Sorsnce] PowerShell Anti-Virus with VirusTotal API
• 2018.03 [microsoft] Why Windows Defender Antivirus is the most deployed in the enterprise
• 2018.03 [mikefrobbins] Remotely Uninstall ESET Antivirus with PowerShell
• 2018.01 [greyhathacker] 使用函数 SeTakeOwnershipPrivilege 实现利用AV软件 System Shield 的任意内存写入漏洞(CVE-2018-5701)
• 2018.01 [blackhillsinfosec] Treating Antivirus as “The Gold Standard”
• 2018.01 [struppigel] Interpreting Antivirus Detection Names
• 2018.01 [cylance] Reverse Engineered Antivirus Detects Classified Documents
• 2018.01 [silentsignal] Bare Knuckled Antivirus Breaking
• 2018.01 [sans] Fake anti-virus pages popping up like weeds
• 2017.12 [securiteam] SSD Advisory – Kingsoft Antivirus/Internet Security 9+ Privilege Escalation
• 2017.12 [nettitude] An insight into antivirus testing: are you protected by your endpoint security?
• 2017.12 [microsoft] Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses
• 2017.12 [forensiccontrol] Is Kaspersky Anti-virus Software in Deep Trouble? – IT security matters
• 2017.12 [myonlinesecurity] Using Antivirus Software and The Risk of Abuse by Nation States
• 2017.12 [f] Antivirus in the Hot Seat, with Mikko Hypponen
• 2017.12 [f] [New Podcast] Antivirus in the Hot Seat, with Mikko Hypponen
• 2017.11 [securiteam] SSD安全公告–Ikraus Anti Virus 远程代码执行漏洞
• 2017.11 [cybereason] How new threats curb the effectiveness of antivirus and next-generation antivirus
• 2017.11 [theevilbit] Turning CVE-2017-14961 (IKARUS anti.virus local kernel exploit) into full arbitrary read / write with PALETTE objects
• 2017.11 [binarydefense] New Vulnerability Uses Antivirus Software to Inject Malware
• 2017.11 [greyhathacker] 反病毒软件 IKARUS 的9个内核漏洞
• 2017.11 [ensurtec] Antivirus Bug Can Be Used to Attack You
• 2017.11 [binarydefense] New Vulnerability Uses Antivirus Software to Inject Malware
• 2017.11 [greyhathacker] AV 软件 Vir.ITeXplorer 任意写入漏洞利用
• 2017.10 [cylance] Antivirus: Understanding Why You Should Test for Yourself
• 2017.10 [securityledger] Antivirus Software is dying. What will replace it?
• 2017.10 [cybereason] Why antivirus software is becoming the rootkit you pay for
• 2017.10 [securiteam] SSD Advisory – Ikraus Anti Virus Remote Code Execution
• 2017.10 [randy] VirusTotal, Equifax, and Antimalware Products
• 2017.10 [ensurtec] How Much Do You Trust Your Antivirus Company?
• 2017.10 [stationx] Kaspersky Labs Antivirus.. Should you stop using it?
• 2017.10 [malwarejake] Should Antivirus software be part of your threat model?
• 2017.10 [NullByte] Rogue Devices: Antivirus Disabler Script on the USB Rubber Ducky
• 2017.09 [4hou] 保护你还是kill你？杀毒软件（DU Antivirus Security）窃取用户数据背后的真相
• 2017.09 [checkpoint] Does Your Mobile Anti-Virus App Protect Or Infect You? The Truth Behind DU Antivirus Security | Check Point Software Blog
• 2017.09 [checkpoint] 研究人员发现中国手机反病毒 App DU Antivirus Security 窃取用户数据
• 2017.08 [deepsec] Mythbusting: Anti-Virus Research considered dangerous
• 2017.08 [ehacking] What’s the Future of Anti-Viruses, Signature Based or Real Time Anomaly Based?
• 2017.08 [ehacking] What’s the Future of Anti-Viruses, Signature Based or Real Time Anomaly Based?
• 2017.08 [asd] Antivirus Software using Reputation Rating Checking
• 2017.08 [landave] F-Secure Anti-Virus: Arbitrary Free Vulnerability via TNEF
• 2017.08 [crowdstrike] Four Steps to Choosing the Right Antivirus Replacement
• 2017.07 [DoktorCranium] Kaspersky Free Antivirus on Windows 10 vs. Metasploit
• 2017.07 [DoktorCranium] Kaspersky Free Antivirus vs. Metasploit
• 2017.07 [ringzerolabs] 2017 Best Free Antivirus Solutions from a Malware Analysts Perspective
• 2017.07 [mrg] Limitations of Android AntiVirus Scanners
• 2017.07 [microsoft] Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware
• 2017.07 [checkpoint] SandBlast Agent Backs Up Anti-Virus by Preventing Recently Discovered Malware
• 2017.07 [malwarejake] Is antivirus software part of your threat model? Maybe it should be...
• 2017.06 [landave] Announcing a New Blog Series on Anti-Virus Software
• 2017.06 [arxiv] [1706.05779] Hey, you, keep away from my device: remotely implanting a virus expeller to defeat Mirai on IoT devices
• 2017.06 [malwarebytes] Announcing Malwarebytes Endpoint Protection, a next-generation antivirus replacement for businesses
• 2017.06 [riskiq] Thanks, But No Thanks: RiskIQ Identifies Hundreds of  Malicious ‘Antivirus’ Apps, Capitalizing on Ransomware Fears and Putting Users at Risk
• 2017.05 [cylance] How Traditional Antivirus Works
• 2017.03 [welivesecurity] Cybersecurity: weighing up the value of antivirus software
• 2017.03 [esecurityplanet] Anti-Virus Solutions Fail to Protect Against Ransomware
• 2017.03 [malwarebytes] Free antivirus coupon leads to tech support scam
• 2017.02 [cylance] Antivirus Testing for Real World Failure
• 2017.02 [activecanopy] Is your organization protected with your Anti-Virus subscription?…think again.
• 2017.02 [mcafee] Large Healthcare Company Standardizes on McAfee ENS 10.5 and McAfee MOVE AntiVirus to Protect 100,000+ Physical and Virtual Endpoints
• 2017.02 [cybereason] Why next-generation antivirus requires more than building a better mousetrap
• 2017.02 [kaspersky] Count the awards: Choosing an antivirus solution
• 2017.02 [virusbulletin] The Living Dead Anti-Virus
• 2017.02 [nviso] Working with GFI Cloud anti-virus quarantine files
• 2017.01 [HackersOnBoard] DEF CON 24 - How to Do it Wrong: Smartphone Antivirus and Security Applications Under Fire
• 2017.01 [myonlinesecurity] Antivirus detections and why the initial response is so important
• 2017.01 [mikefrobbins] Using PowerShell to Audit Antivirus Updates on your Servers
• 2016.12 [malwarebytes] Announcing Malwarebytes 3.0, a next-generation antivirus replacement
• 2016.12 [heimdalsecurity] The best (free) security software to complement your antivirus
• 2016.11 [pluginvulnerabilities] CWIS Antivirus Scanner Plugin Spreading False Reports of Vulnerabilities In WordPress Plugins
• 2016.11 [virusbulletin] Throwback Thursday: The Politics of Anti-Virus
• 2016.10 [PNPtutorials] #6 - Setup || How to Install/Use ANTIVIRUS for Kali Linux ? || 1080 || HD
• 2016.10 [arxiv] [1610.06022] From Malware Signatures to Anti-Virus Assisted Attacks
• 2016.09 [checkpoint] Antivirus Isn’t Dead, But It’s No Panacea | Check Point Software Blog
• 2016.09 [talosintelligence] Kaspersky Anti-Virus Unhandled Windows Messages Denial of Service Vulnerability
• 2016.08 [malwarebytes] Unpacking the spyware disguised as antivirus
• 2016.08 [kaspersky] The evolution of reputational antivirus technologies
• 2016.08 [sophos] Sophos Home rated “Best Free Mac Antivirus” by Tom’s Guide
• 2016.07 [breakdev] Defeating Antivirus Real-time Protection From The Inside
• 2016.06 [duo] That Big Symantec Antivirus Bug
• 2016.06 [detectify] IT Security FAQ 9: What is the difference between a firewall, antivirus and services like Detectify? | Detectify Blog
• 2016.06 [seowhistleblower] Instantly Scan a File with 50+ Anti-Virus Programs! (Microsoft, McAfee, and more)
• 2016.05 [alienvault] Antivirus or Host IDS, Your Last Line of Defense
• 2016.05 [voidsec] The Curse of the Antivirus Solution
• 2016.05 [sans] CVE-2016-2208 Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation
• 2016.05 [securityevaluators] What Anti-Virus Should I Use?
• 2016.04 [trendmicro] Trend Micro Rated “Best Antivirus Software”
• 2016.04 [hackingtutorials] How does antivirus software work?
• 2016.04 [trustlook] Trustlook Antivirus & Mobile Security Android Video
• 2016.03 [trustwave] TWSL2016-003: Sophos Anti-Virus Mac OS X Version Update File Unlinking Vulnerability
• 2016.02 [myonlinesecurity] Eset antivirus and Eset Smart Security blocks Google
• 2016.01 [metaflows] Measured Antivirus Effectiveness
• 2016.01 [securityintelligence] Is Your Antivirus Software Vulnerable to Attack?
• 2016.01 [fortinet] Android Spywaller: Firewall-Style Antivirus Blocking
• 2016.01 [hackingarticles] How to Gather Information of Antivirus in Remote Victim PC using Metasploit
• 2016.01 [cyberoxen] Here’s the Best Antivirus Software for Windows 7, 8.1, and 10 PCs
• 2015.12 [malwarebytes] PUPs Masquerade as Installer for Antivirus and Anti-Adware
• 2015.11 [malwarebytes] Three Reasons Why Anti-Virus Alone is No Longer Enough
• 2015.11 [f5] Dyre Update: Moving to Edge and Windows 10 with Anti-Antivirus
• 2015.11 [welivesecurity] Schrödinger's antivirus: The immortality of antivirus software
• 2015.11 [redcanary] Does Next-Generation Anti-Virus Solve the Fatal Flaws of Anti-Virus?
• 2015.10 [sector] Is Anti-Virus Software Really Dead?
• 2015.10 [amossys] A peek inside antivirus’ cloud features
• 2015.09 [krebsonsecurity] ATM Skimmer Gang Firebombed Antivirus Firm
• 2015.09 [malwarebytes] What’s the difference between antivirus and anti-malware?
• 2015.09 [krebsonsecurity] Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals
• 2015.08 [securityintelligence] Dyre Summer Renovation: Randomized Config File Names Keep Antivirus Engines Guessing
• 2015.08 [virusbulletin] Back to the future: anti-virus engines and sandboxes
• 2015.08 [trendmicro] Antivirus Alone Is NOT Enough Protection for Today’s Sophisticated Threats
• 2015.07 [deepsec] New MJS Article: Why Anti-Virus Software Fails
• 2015.07 [checkpoint] ZoneAlarm Launches Windows 10 Compatible Antivirus Software for Consumers
• 2015.06 [virusbulletin] NSA, GCHQ found to target anti-virus products
• 2015.05 [securityblog] Get installed antivirus in C
• 2015.05 [360] New exploit kit targets Chinese computers without 360 antivirus
• 2015.05 [csoonline] Old-school anti-virus vendors learn new tricks
• 2015.05 [virusbulletin] Report: six anti-virus solutions pass annual Linux test
• 2015.04 [dreamsofastone] Anti-virus 1980ies style
• 2015.03 [cylance] Five Dirty Secrets of the Antivirus Industry
• 2015.03 [checkpoint] Check Point Reveals New RCE Vulnerability in BitDefender Anti-Virus | Check Point Software Blog
• 2015.03 [trustlook] Fake Antivirus Found on Google Play
• 2015.02 [metaflows] Network Antivirus White List and Minimum VT Score
• 2015.01 [welivesecurity] Do you really need antivirus software for Linux desktops?
• 2014.12 [govolution] Deepsec 2014: Why Antivirus Software fails
• 2014.11 [gironsec] assembly, c-sharp, anti-sandbox, anti-antivirus, anti-debug, and malware research
• 2014.11 [trustlook] Trustlook Antivirus & Security is back on Google Play Store!
• 2014.10 [pediy] [翻译]卡巴斯基研究员Santiago Pontiroli在Virus Bulletin会议上发表《比特币犯罪快速升级》
• 2014.10 [rapid7] Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus
• 2014.10 [securityintelligence] Are You Digging Deep? When Antivirus Is Not Enough
• 2014.09 [deepsec] DeepSec 2014 Talk: Why Anti-Virus Software fails
• 2014.08 [zonealarm] Is Your PC Security Incomplete? Why You Need Both Firewall & Antivirus
• 2014.08 [zonealarm] Is Your PC Security Incomplete? Why You Need Both Firewall & Antivirus
• 2014.08 [trendmicro] Maximum Protection, Minimum Fuss: Trend Micro Titanium Antivirus+
• 2014.08 [arneswinnen] One Packer to Rule Them All: Empirical Identification, Comparison and Circumvention of Current Antivirus Detection Techniques
• 2014.07 [comodo] Vulnerabilities in Antivirus ID’d – Comodo Has the Solution
• 2014.07 [comodo] Vulnerabilities in Antivirus ID’d – Comodo Has the Solution
• 2014.06 [trendmicro] The evolving role of antivirus software
• 2014.06 [portcullis] Could Sophos Anti-Virus Web Protection cause a privacy concern for your organisation?
• 2014.05 [lastline] Antivirus Isn’t Dead, It Just Can’t Keep Up
• 2014.05 [alienvault] Antivirus is Dead, hmmm?  – Surprised, We are Not
• 2014.05 [securelist] Fake antivirus – attack of the clones
• 2014.05 [sophos] Sophos news in review: Partner conferences kick off, Target CEO resigns, and is antivirus ‘dead’?
• 2014.05 [krebsonsecurity] Antivirus is Dead: Long Live Antivirus!
• 2014.04 [ethicalhackingnews] Google Refund for Fake Android Antivirus
• 2014.04 [aircrack] Anti-virus issues and open letter to Anti-virus
• 2014.04 [ethicalhackingnews] Anti-virus App Virus Shield
• 2014.04 [sophos] Sophos Antivirus for vShield and OpenSSL Vulnerability (Heartbleed)
• 2014.01 [malwarebytes] Malwarebytes Anti-Malware tops in OPSWAT Antivirus Market Share Report
• 2014.01 [robert] Bootable antivirus rescue CDs
• 2014.01 [ethicalhackingnews] Why Using Multiple Antivirus Programs is a Bad Idea
• 2014.01 [rapid7] 12 Days of HaXmas: A Cat and Mouse Game Between Exploits and Antivirus
• 2013.12 [welivesecurity] The Death of Anti-Virus: conference paper
• 2013.12 [cert] OTP stealer Android app masquerading as mobile antivirus targets Polish users
• 2013.12 [privacy] Stop Fighting Anti-Virus 4: The Cert Signing Trick
• 2013.12 [privacy] Stop Fighting Anti-Virus 3: Impetus through Embarrassment
• 2013.12 [privacy] Stop Fighting Anti-Virus 2: Pursuit of Better Protection
• 2013.12 [privacy] Stop Fighting Anti-Virus: Pentester’s Viewpoint
• 2013.12 [securelist] ZeuS – Now Packed as an Antivirus Update
• 2013.12 [malwarebytes] “Buy $500 antivirus from us,” say cyber-criminals
• 2013.11 [techhelplist] Multiple Antivirus Vendors - ... Important System Update - requires immediate action - Virus
• 2013.11 [malwarebytes] Scammers Pose as Anti-Virus, Go Figure
• 2013.10 [trendmicro] Is Free Antivirus Software Enough?
• 2013.10 [welivesecurity] Solutions to current antivirus challenges
• 2013.10 [malwarebytes] Palestinian hackers deface popular Antivirus’ websites
• 2013.09 [osandamalith] Free Antivirus by Panda Security
• 2013.08 [sans] What Anti-virus Program Is Right For You?
• 2013.07 [malwarejake] Beating up on poor antivirus...
• 2013.07 [arxiv] [1307.6354] Protecting Anti-virus Programs From Viral Attacks
• 2013.07 [arxiv] [1307.5420] How do Viruses Attack Anti-Virus Programs
• 2013.07 [krebsonsecurity] Styx Crypt Makers Push DDoS, Anti-Antivirus Services
• 2013.05 [virusbulletin] US lifts ban on anti-virus software for Iran
• 2013.04 [sans] What is "up to date anti-virus software"?
• 2013.02 [sans] Anti-virus is not enough to defeat APT groups
• 2013.02 [securityblog] Get antivirus name on Windows using C#
• 2013.01 [mcafee] If You Deploy Only Antivirus, It Will Cost You More and Make You Less Secure
• 2012.12 [privacy] VX – The Virus Underground 5: Discussing Interaction with Antivirus Companies
• 2012.12 [privacy] G Data AntiVirus review
• 2012.12 [rapid7] The Odd Couple: Metasploit and Antivirus Solutions
• 2012.12 [securiteam] Anti-Virus, now with added Michelangelo
• 2012.12 [welivesecurity] Why Anti-Virus is not a waste of money
• 2012.11 [krebsonsecurity] Infamous Hacker Heading Chinese Antivirus Firm?
• 2012.11 [cyberarms] McAfee Anti-Virus Founder – Bath Salts, Gangsters and Murder?
• 2012.11 [sans] The shortcomings of anti-virus software
• 2012.10 [virusbulletin] Anti-virus software significantly shortens life of banking trojans
• 2012.10 [cyberarms] GFI Cloud Management for Antivirus, Asset Tracking & Network Management
• 2012.09 [privacy] VIPRE Antivirus 2014 review
• 2012.08 [forcepoint] Malicious Email Messages Posing as Antivirus Notifications
• 2012.08 [rsa] The failure of Antivirus against recent Malware
• 2012.08 [sans] Do we need test procedures in our companies before implementing Antivirus signatures?
• 2012.07 [privacy] Panda Antivirus Pro 2014 review
• 2012.06 [perezbox] Review of the WordPress AntiVirus Plugin – Effective or Not?
• 2012.06 [freebuf] unix反病毒工具包 – Clam AntiVirus Toolkit 0.97.5
• 2012.06 [perezbox] Selecting a MAC Anti-Virus Solution
• 2012.06 [codeinsecurity] The anti-virus age is over.
• 2012.05 [checkpoint] Check Point Launches ZoneAlarm® Free Antivirus + Firewall 2013
• 2012.04 [privacy] How malware authors are winning the war 2: exploit toolkits, fake antiviruses and mobile threats
• 2012.04 [privacy] Bitdefender Antivirus Plus 2017 review
• 2012.04 [sans] Anti-virus scanning exclusions
• 2012.04 [sans] Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results
• 2012.04 [sans] Digital Forensics Case Leads: Macs do need antivirus after all and Pastebin may start cutting what hackers paste
• 2012.04 [pentestlab] Post Exploitation – Disable Firewall and Kill Antivirus
• 2012.04 [welivesecurity] Free Anti-virus: Worth Every Penny?
• 2012.03 [welivesecurity] Information Security Disconnect: RSA, USB, Antivirus, and reality
• 2012.03 [welivesecurity] Security Professionals DO use antivirus
• 2012.03 [hackingarticles] Antivirus Forensics Tools
• 2012.02 [privacy] F-Secure Anti-Virus review
• 2012.02 [privacy] PC Tools Spyware Doctor with AntiVirus review
• 2012.02 [privacy] Free Antivirus vs Paid Antivirus: Interview with Michael Gregg
• 2012.02 [sans] Problem with Microsoft Antivirus regarding malware from google website
• 2012.02 [privacy] Kaspersky Anti-Virus 2015 review
• 2012.01 [krebsonsecurity] Microsoft: Worm Operator Worked at Antivirus Firm
• 2011.11 [virusbulletin] Most free Android anti-virus 'useless', find testers
• 2011.11 [securelist] Fake Kaspersky Antivirus
• 2011.10 [deepsec] Talk: FakeAntiVirus – Journey from Trojan to a Persisent Threat
• 2011.10 [hboeck] Anti-virus applications and the Bundestrojaner
• 2011.09 [welivesecurity] RIP Anti-Virus (Again)
• 2011.08 [trendmicro] Ask Vic — In order to install Titanium Maximum, do I need to uninstall my current antivirus software?
• 2011.08 [virusbulletin] Fake codec trojan disables anti-virus software
• 2011.08 [krebsonsecurity] Fake Antivirus Industry Down, But Not Out
• 2011.08 [welivesecurity] Win32/Delf.QCZ:Trust Me, I’m Your Anti-Virus
• 2011.06 [talosintelligence] A Close Look at Rogue Antivirus Programs
• 2011.06 [sans] Harry Potter and the Rogue anti-virus: Part 1
• 2011.06 [trendmicro] How to Secure Your Mac Against Fake Antivirus Malware
• 2011.06 [sans] Some Insight into Apple's Anti-Virus Signatures
• 2011.05 [sans] More on MAC OSX Malware - MACDefender Fake Antivirus
• 2011.04 [arxiv] [1104.1070] Evolution of Computer Virus Concealment and Anti-Virus Techniques: A Short Survey
• 2011.03 [krebsonsecurity] Rogue Antivirus Via Skype Phone Call?
• 2011.03 [krebsonsecurity] Renewal Buddy: Comparison Shopping for Anti-Virus Software
• 2011.02 [trendmicro] Firewalls, Antivirus, Antispam, Oh My!
• 2011.02 [deepsec] The Antivirus-Virus Conundrum
• 2011.01 [sans] Yet another rogue anti-virus
• 2011.01 [rapid7] Become invisible to anti-virus protection
• 2010.12 [toolswatch] Q4 2010 Antivirus, Backup Client and Windows OS Reports
• 2010.09 [securelist] The antivirus weather forecast: cloudy
• 2010.09 [securelist] Understanding Current Trends in the Fake Anti-Virus/Scareware Ecosystem
• 2010.08 [krebsonsecurity] Anti-virus Products Struggle Against Exploits
• 2010.08 [virusbulletin] A third of anti-malware products fail to secure Vista Business Edition, Virus Bulletin reveals
• 2010.08 [krebsonsecurity] Anti-virus Products Mostly Ignore Windows Security Features
• 2010.07 [krebsonsecurity] Rogue Antivirus Victims Seldom Fight Back
• 2010.07 [securelist] Anti-virus testing – to believe or not to believe
• 2010.06 [krebsonsecurity] Anti-virus is a Poor Substitute for Common Sense
• 2010.05 [welivesecurity] Test Toot Suite: Antivirus Vendors Blowing Own Horn
• 2010.05 [greyhathacker] Fake Antivirus “Security Tool” terminating new processes
• 2010.04 [krebsonsecurity] Rogue Antivirus Gangs Seize on McAfee Snafu
• 2010.04 [securelist] Rogue Anti Virus: Scaring people with Task Manager
• 2010.04 [welivesecurity] Guest Blog: How free is free Antivirus?
• 2010.04 [trendmicro] Rogue Antivirus Leads to an Adult Site
• 2010.03 [welivesecurity] Virus, Anti-Virus, Fake Anti-Virus
• 2010.03 [krebsonsecurity] Bad BitDefender Antivirus Update Hobbles Windows PCs
• 2010.03 [techorganic] Fight scareware: Learn how your anti-virus works
• 2010.03 [greyhathacker] Fake Antivirus “XP Guardian 2010” exe hijacking
• 2010.03 [trendmicro] Spammers Target Antivirus Companies
• 2010.02 [welivesecurity] NOD32 Antivirus for Mac: Some Questions
• 2009.11 [securelist] Rogue antivirus: a growing problem
• 2009.11 [talosintelligence] Paranoia and the rise of fake antivirus
• 2009.10 [securelist] The evolution of rogue antivirus
• 2009.10 [welivesecurity] Antivirus? Who Needs It?
• 2009.10 [virusbulletin] 11 out of 26 anti-virus products fail VB100 certification
• 2009.09 [sans] Fake anti-virus
• 2009.07 [trendmicro] Rogue Antivirus Terminates EXE Files
• 2009.06 [trendmicro] Air France Flight 447 Search Results Lead to Rogue Antivirus
• 2009.06 [pediy] [Anti Virus专题]1.7 - 打造DLL内存加载引擎.
• 2009.05 [trendmicro] Fake Antivirus Targets Brazil
• 2009.05 [sans] Is your Symantec Antivirus Alerting working correctly?
• 2009.05 [pediy] [Anti Virus专题]长度反汇编引擎的打造
• 2009.04 [pediy] [Anti Virus专题]1.2 - 4.PE结构、SEH相关知识掌握
• 2009.04 [pediy] [Anti Virus专题]1.2 - 3.hash扫描获得api函数地址
• 2009.04 [pediy] [Anti Virus专题]1.2 - 2.kernel32基地址获得
• 2009.04 [pediy] [Anti Virus专题]1.2 - 1.病毒的重定位技术
• 2009.01 [virusbulletin] Virus Bulletin announces new anti-spam certification scheme
• 2008.12 [trendmicro] Yet More Fake (And Malicious) Antivirus
• 2008.09 [sans] Fake antivirus 2009 and search engine results
• 2008.08 [trendmicro] Fake Antivirus Trojans Ramping Up
• 2008.08 [securelist] Antivirus Fraudware Goes Mobile?
• 2008.07 [sans] Is Anti-Virus Dead?
• 2008.04 [securelist] Changing threats, changing solutions: A history of viruses and antivirus
• 2008.02 [sans] Does your anti-virus detect old keyloggers?
• 2007.12 [sans] Anti-virus Control means blocking before scanning
• 2007.10 [sans] Cyber Security Awareness Tip #8: Anti-Virus, Anti-Spyware, and Other Protective Software
• 2007.09 [sans] AOL changes the free anti-virus they distribute
• 2007.07 [sans] Antivirus: The emperor is naked
• 2007.06 [pelock] Kaspersky Anti-Virus v6.0.2 vs OllyDbg
• 2007.03 [sans] Comparing Anti-Virus Solutions
• 2007.02 [sans] TrendMicro Anti-Virus vulnerability
• 2006.12 [securelist] Are all antivirus created equal?
• 2006.11 [securelist] Antivirus and Vista
• 2006.10 [trendmicro] Free Antivirus Installation… By A Trojan
• 2006.09 [sans] CA eTrust Antivirus [was] flagging lsass.e x e
• 2006.06 [securelist] And some thoughts on the anti-virus industry
• 2006.05 [sans] Critical vulnerability in Sophos Anti-Virus products
• 2006.01 [trendmicro] Anti-Virus or Pro-Virus?
• 2006.01 [securelist] No rootkit in Kaspersky Anti-Virus
• 2006.01 [sans] 2nd generation WMF exploit: status of the anti-virus products after one day.
• 2005.11 [securelist] The contemporary antivirus industry and its problems
• 2005.10 [sans] Symantec Antivirus Scan Engine: Web Service Administrative Interface Buffer Overflow
• 2005.10 [sans] Kaspersky Anti-Virus Products Remote Heap Overflow Vulnerability
• 2005.08 [infosecblog] Symantec Antivirus 9 Privilege Escalation
• 2005.05 [sans] Google Web Accelerator continued; phpBB 2.0.15 released; Backdoors more popular than Viruses?; Anti-Spyware poll results; Google.com DNS glitch; SQL server 2000 SP4
• 2005.04 [securelist] Kaspersky Anti-Virus Web Scanner
• 2005.02 [securelist] Spammers hide from antivirus vendors
• 2004.11 [sans] An anti-virus goof; security awareness; and a return visit from some old friends; phishers, and sasser
• 2004.11 [sans] MS Security Alert Advanced Notice, Cisco PIX Source Code Reported Stolen, Open Letter to Anti-Virus Software Companies
• 2004.10 [securelist] The changing antivirus landscape
• 2004.10 [securelist] Antivirus updating – why it’s more important than ever before
• 2004.10 [securelist] Traditional antivirus solutions – are they effective against today’s threats?
• 2004.02 [sans] Flaws in Checkpoint and RealOne; MyDoom Update; AntiVirus Software; Data Call
• 2004.01 [sans] Microsoft patches released; H.323 vulnerabilities; Anti-virus engine vulnerabilities; Citibank anti-fraud measures

<a id="4e403284d24b06f1830ddbe67a132408"></a>杀软/杀毒/杀

• 2020.03 [freebuf] RobbinHood勒索软件另辟渠道，通过驱动漏洞干翻杀毒软件
• 2020.03 [freebuf] BUF大事件丨天猫超市大数据“杀熟”？官方网友在线Battle；新版个人信息安全规范正式发布，隐私安全得到高度重视
• 2020.03 [aliyun] linux下java反序列化通杀回显方法的低配版实现
• 2020.02 [freebuf] FreeBuf早报 | 注意！工信部发布涉新冠肺炎疫情的网络安全风险提示；捷克当局就出售用户数据事件已着手调查杀毒公司Avast；超过600次安装的WordPress Cookie Consent插件易受黑客攻击
• 2020.01 [freebuf] CVE-2018-8174双杀漏洞分析复现及防御
• 2020.01 [freebuf] 技术研究 | 如何绕过杀毒软件自我保护
• 2020.01 [tencent] 腾讯安全紧急发布CVE-2020-0601漏洞利用恶意样本专杀工具
• 2019.12 [freebuf] 不传之密：杀毒软件开发之二，感染型病毒查杀、启发式杀毒
• 2019.12 [freebuf] 勒索软件Snatch利用安全模式绕过杀毒软件
• 2019.12 [freebuf] uTorrent被多个杀软拦截，疑似捆绑推广行为导致
• 2019.12 [freebuf] 挖洞经验 | 从Avast杀毒软件发现价值5000美金的反射型XSS
• 2019.11 [4hou] 云安全：在 AWS 中使用 IAM 角色打破攻击者的斩杀链
• 2019.11 [21cnbao] 宋宝华: 僵尸进程的成因以及僵尸可以被“杀死”吗？
• 2019.10 [aliyun] 64 位 elf 的 one_gadget 通杀思路
• 2019.10 [4hou] 网络安全面临“隐形杀手” 360乌镇放飞“预警机”
• 2019.10 [4hou] 三起利用ODT文件格式绕过杀毒引擎的攻击案例分析
• 2019.08 [aliyun] 记一次AWD反杀之旅
• 2019.08 [freebuf] FreeTalk北京站开放报名，集齐10个回忆杀可领取华为P30 Pro！
• 2019.08 [4hou] 助力民航网安 安天力推实战化威胁猎杀
• 2019.08 [4hou] 通过修改FILE_OBJECT文件路径来绕过杀毒软件查杀的Post-Exploitation技术
• 2019.07 [qq] LOL云顶之弈外挂来袭！是秒杀？是加速？还是盗号与诈骗？
• 2019.07 [4hou] 实战化威胁猎杀,让威胁无处遁形——“美向俄电网植入恶意代码”等有关报道带来的启示
• 2019.07 [freebuf] 网络爬虫暗藏杀机：在Scrapy中利用Telnet服务LPE
• 2019.07 [4hou] 深度剖析杀猪盘系列要来了
• 2019.06 [4hou] 比Mirai僵尸网络和BrickerBot更厉害的物联网大杀器终究还是出现了。背后的开发者竟是一个14岁的骚年！
• 2019.06 [4hou] 杀敌一万自损三千：看我如何用三个漏洞攻陷微软“攻击分析器”
• 2019.06 [4hou] 云查杀：云安全不可或缺的安全组件
• 2019.06 [360] 内网大杀器利用：CVE-2019-1040漏洞
• 2019.05 [aliyun] 高级ROP ret2dl_runtime 之通杀详解
• 2019.05 [aliyun] 某shop API接口前台注入(通杀3.X)
• 2019.04 [freebuf] 因广告欺诈及滥用权限，百度子公司数十款应用被Google Play封杀
• 2019.04 [secvul] 权限维持 - Windows系统隐藏账号创建及查杀
• 2019.04 [aliyun] 从0到1掌握AWD攻防之RSA必杀
• 2019.04 [tencent] 新型勒索病毒自称“不死锁”入侵企业 腾讯御点强势“锁定”查杀
• 2019.03 [freebuf] 传奇私服暗藏杀机，亡灵病毒肆虐江湖
• 2019.03 [tencent] 永恒之蓝下载器木马再更新：增肥木马逃避查杀
• 2019.03 [freebuf] 回忆杀！CS 1.6 服务器已成为恶意软件的传播渠道
• 2019.03 [360] “水滴”来袭：详解Binder内核通杀漏洞
• 2019.03 [venus] “水滴”来袭：详解 Binder 内核通杀漏洞
• 2019.03 [] “水滴”来袭：详解Binder内核通杀漏洞
• 2018.12 [aliyun] 某 cms v4.2.126-通杀sql注入
• 2018.12 [freebuf] 杀妻骗保案，网络色情产业或许是其中推手
• 2018.12 [pediy] [原创]CVE-2018-8174 “双杀”0day 从UAF到Exploit
• 2018.12 [4hou] 瑞星“狮子”没有消失：对抗勒索病毒，防比杀更重要
• 2018.11 [pediy] [翻译] VT杀毒厂商引擎比较
• 2018.11 [4hou] 厉害了！Linux加密货币挖矿机可删除杀毒软件
• 2018.11 [riusksk] 从杀软之殇谈产品
• 2018.11 [riusksk] 从杀软之殇谈产品
• 2018.11 [freebuf] 百度杀毒已死，曾承诺“不骚扰、不窃取、不胁迫”
• 2018.11 [freebuf] 自杀式“埋雷”，微信埋雷专家病毒分析
• 2018.11 [tencent] 注意！双平台挖矿木马MServicesX借用白签名躲避杀毒软件
• 2018.09 [360] “响尾蝶”病毒：隐藏在手机底层的致命杀手
• 2018.08 [4hou] 记一次新型CC通信木马反查杀的姿势研究
• 2018.07 [360] “镜像杀机”劫持首页木马分析
• 2018.07 [huorong] 真实案例：火绒帮助山东省某地震局解决内网中病毒屡杀不绝难题
• 2018.07 [freebuf] Parity多重签名函数库自杀漏洞
• 2018.07 [hardenedlinux] 隐蔽战争纪元之猎杀暗影：固件自由战争之阻击”Ring -3”世界的恶魔
• 2018.07 [4hou] 微信支付“0元购”漏洞暗藏杀机，消费者或卷入诈骗风波
• 2018.07 [360] 分析杀毒软件BitDefender中的整数溢出漏洞（第二部分）——漏洞利用
• 2018.07 [360] 分析杀毒软件BitDefender中的整数溢出漏洞（第一部分）
• 2018.06 [pediy] [原创]ESP定律脱壳卡巴斯基Sality专杀程序
• 2018.06 [aliyun] Bitdefender杀毒软件整数溢出漏洞分析 Part 1：漏洞本身
• 2018.06 [freebuf] 将“窃取隐私的贼”扼杀在襁褓中
• 2018.06 [360] win10内存花式执行meterpreter并绕过杀毒软件
• 2018.06 [freebuf] CVE-2018-8174 “双杀”0day漏洞复现
• 2018.05 [qq] 【游戏漏洞】Dnf游戏漏洞挖掘第4期 全屏秒杀+远程CALL
• 2018.05 [sec] 数据秒杀认知：沉浸在鬼市中的比特币算力
• 2018.05 [qq] 【游戏漏洞】《魔域》端游外挂杀怪统计分析
• 2018.05 [sec] 数据秒杀认知：比特币地下与地上生态分割
• 2018.05 [freebuf] 一项有趣的实验：装了杀软的主机真的安全吗？
• 2018.05 [freebuf] APT-C-06组织在全球范围内首例使用“双杀”0day漏洞(CVE-2018-8174)发起的APT攻击分析及溯源
• 2018.05 [4hou] 双杀”0day漏洞(CVE-2018-8174)发起的APT攻击分析及溯源
• 2018.05 [] APT-C-06组织在全球范围内首例使用“双杀”0day漏洞(CVE-2018-8174)发起的APT攻击分析及溯源
• 2018.05 [freebuf] 一个Linux平台的门罗币挖矿木马的查杀与分析
• 2018.05 [360] 一个Linux平台的“门罗币”挖矿木马的查杀与分析
• 2018.05 [freebuf] 杀毒软件之死：RSA 2018终端厂商及产品趋势解读
• 2018.04 [pediy] [原创]植物大战僵尸全屏秒杀
• 2018.04 [4hou] Early Bird代码注入可绕过杀毒软件检测
• 2018.04 [freebuf] 基于TaskKill命令防杀的进程保护
• 2018.04 [freebuf] 利用.MF后缀文件猥琐绕过火绒杀毒测试
• 2018.04 [freebuf] 银行提款机惊现病毒：绕过杀毒软件达到牟利目的
• 2018.03 [4hou] 如何对抗史上杀伤力最强的勒索软件“Zenis”
• 2018.03 [pediy] [原创]实现关闭进程函数,杀掉pchunter
• 2018.03 [pediy] [原创]X64系统中WIN32程序应用层拦截驱动层交互的通杀方案
• 2018.03 [freebuf] 全面封杀：Google将禁止与加密货币相关的所有广告内容
• 2018.03 [freebuf] 解密古老又通杀的路由器攻击手法：从嗅探PPPoE到隐蔽性后门
• 2018.03 [4hou] 利用INF-SCT文件执行绕过，规避查杀和持久性的技术
• 2018.02 [qq] 【二月专题】FPS游戏连发秒杀分析
• 2018.02 [aliyun] 深度学习PHP webshell查杀引擎demo
• 2018.01 [freebuf] 钓鱼邮件传播勒索病毒再升级，不落地加大查杀难度
• 2018.01 [qq] 钓鱼邮件传播勒索病毒再升级，不落地加大查杀难度
• 2018.01 [freebuf] 记一次诈骗反制行动 | 电信诈骗犯偶遇白帽子，一顿操作惨遭反杀
• 2018.01 [] APT-C-06组织在全球范围内首例使用“双杀”0day漏洞(CVE-2018-8174)发起的APT攻击分析及溯源
• 2018.01 [4hou] 前NSA黑客逆向卡巴斯基杀软，创建签名检测机密文件
• 2018.01 [pediy] [分享]植物大战僵尸 <秒杀>
• 2017.12 [qq] 【游戏漏洞】《亡灵杀手2》内购破解分析
• 2017.12 [pediy] [原创][提供ida签名]逆向小红伞杀毒软件驱动——avdevprot
• 2017.11 [pediy] [原创]逆向小红伞杀毒软件--avkmgr
• 2017.11 [4hou] IoT设备安全斩杀链剖析
• 2017.11 [4hou] 高能预警！杀毒软件如何被反利用，为恶意软件入侵系统敞开大门？
• 2017.11 [4hou] 黑客辞典：什么是“网络杀伤链”？为什么并非适用于所有的网络攻击？
• 2017.11 [freebuf] 优惠预警｜FIT 2018大会门票“双十一” 限时秒杀
• 2017.10 [secist] 打造一款1kb大马并且处理D盾以及安全狗拦截与查杀
• 2017.10 [360] 揭秘通杀多款趋势科技产品的RCE漏洞
• 2017.09 [4hou] 善用工具绕过杀毒软件和HIPS的流量检测
• 2017.09 [4hou] “密码找回”功能暗藏杀机，可绕过Windows auth &BitLocker
• 2017.09 [4hou] 杀人无形：黑客可以远程访问注射器输液泵，为病人输入致命剂量
• 2017.09 [freebuf] HTTPS劫匪木马暴力升级：破坏ARK攻击杀软
• 2017.09 [4hou] HTTPS劫匪木马暴力升级：破坏ARK攻击杀软
• 2017.09 [360] HTTPS劫匪木马暴力升级：破坏ARK攻击杀软
• 2017.08 [4hou] 如何判断你是个牛×黑客：使用C#加密攻击载荷来绕过杀毒软件
• 2017.08 [360] 如何使用C#加密攻击载荷来绕过杀毒软件
• 2017.08 [freebuf] 绕过杀毒软件与主机入侵防御系统对流量的检测
• 2017.08 [freebuf] 老毛桃PE盘工具木马：一款“通杀”浏览器的主页劫持大盗
• 2017.08 [aliyun] 威胁猎杀与主动取证
• 2017.08 [pediy] [翻译]Forcepoint 发现 URSNIF 变种通过收集鼠标移动轨迹判断是否处于沙盒以绕过查杀
• 2017.07 [aliyun] 【译】黑夜的猎杀-盲打XXE
• 2017.07 [4hou] 屡禁不止：一个敢于将自己注入到杀毒软件中的斗士
• 2017.06 [qq] 暗云风暴再度来袭 腾讯电脑管家率先查杀
• 2017.06 [aliyun] 【原创】秒抢红包锁屏样本手动查杀操作
• 2017.05 [pediy] [原创]LPK病毒专杀C语言编写
• 2017.05 [qq] 【火影忍者】IOS秒杀、怪物不攻击、无限技能外挂分析
• 2017.05 [] [技术原创] WanaCrypt0r勒索病毒：20款杀软主防测试
• 2017.05 [nsfocus] wannaCry(想哭)蠕虫病毒查杀及善后应急方案
• 2017.05 [moxia] 如何在Win下查杀Linux恶意文件
• 2017.05 [aliyun] 内网大杀器！Metasploit移植MS17-010漏洞代码模块利用
• 2017.05 [4hou] 内网大杀器！Metasploit移植MS17-010漏洞代码模块利用
• 2017.04 [freebuf] 利用Pentestbox打造MS17-010移动"杀器"
• 2017.04 [freebuf] 影子经纪人曝光的NSA大杀器可能与Stuxnet相关
• 2017.04 [freebuf] Python安全运维实战：针对几种特定隐藏方式的Webshell查杀
• 2017.04 [freebuf] 【思路分享】如何在Win下查杀Linux恶意文件
• 2017.04 [freebuf] 【原创连载小说】《杀手》第二章：黑夜来临
• 2017.03 [4hou] 通过DNS通信绕过杀毒软件进行木马传输
• 2017.03 [4hou] 如何通过ARP通信绕过杀毒软件并种植木马？
• 2017.03 [freebuf] 一种会话劫持技术通杀全部Windows版本，但这真的是漏洞吗…
• 2017.03 [freebuf] 【原创连载小说】《杀手》第一章：网络杀手
• 2017.03 [nxadmin] 如何最大化的将漏洞扼杀在摇篮里
• 2017.02 [freebuf] 下一个猎杀目标：近期大量MySQL数据库遭勒索攻击
• 2017.02 [aliyun] 一种远程检测用户杀软的简单方法
• 2017.02 [4hou] 一种远程检测用户杀软的简单方法
• 2017.02 [360] 利用 Flash 远程检测客户端安装的杀软
• 2017.01 [360] 解密一个反杀毒恶意驱动
• 2017.01 [freebuf] 一款恶性Rootkit木马分析 ——“狼人杀”木马潜伏数十万台电脑
• 2016.12 [qq] 一款恶性Rootkit木马分析 ——“狼人杀”木马潜伏数十万台电脑
• 2016.12 [360] CVE-2016-8655:Linux内核通杀提权漏洞（21:45更新POC）
• 2016.11 [8090] 谷歌工程师：杀毒软件根本没什么用
• 2016.11 [4hou] 卡巴斯基怒呛微软！指责Windows10实施杀毒软件不公平竞争
• 2016.11 [qq] 装机系统暗藏木马，强对抗杀毒软件
• 2016.10 [pediy] 通杀所有系统的硬件漏洞？聊一聊Drammer，Android上的RowHammer攻击
• 2016.10 [aliyun] 通杀所有系统的硬件漏洞？聊一聊Drammer，Android上的RowHammer攻击
• 2016.10 [360] CVE-2016-5195 脏牛漏洞：Linux内核通杀提权漏洞（10.27 10:30更新）
• 2016.10 [] Linux内核通杀提权漏洞预警
• 2016.10 [freebuf] “杀手”木马：一个浏览器恶意插件行为分析
• 2016.10 [qq] “杀手”木马——一个浏览器恶意插件行为分析
• 2016.10 [4hou] “秘密网络”还是“破网一张”？美国无人机已成为“反恐”幌子下滥杀无辜的工具
• 2016.10 [4hou] 史上最大规模DDoS元凶现身，Mirai 僵尸网络遭追杀
• 2016.09 [4hou] 制造一款能绕开杀毒软件的恶意软件需要多长时间?
• 2016.09 [freebuf] 【WitAwards 2016 “年度安全产品”参评巡礼】做最干净的杀毒软件：火绒安全软件评测
• 2016.09 [4hou] 新型安卓木马Tordow已大开杀戮
• 2016.09 [topsec] 攻防对抗之杀软穿透驱动揭秘
• 2016.09 [360] 逆向分析EXTRABACON——针对思科ASA防火墙的大杀器
• 2016.09 [freebuf] Python勒索软件来袭，国产杀软集体失身
• 2016.09 [8090] 手机APP暗藏杀机：SexTrap色情病毒解析
• 2016.09 [freebuf] 色情手机APP暗藏杀机：SexTrap病毒解析
• 2016.09 [360] 禁用了PowerShell又如何？看我如何用PowerShell绕过应用白名单、环境限制、以及杀毒软件
• 2016.08 [avlsec] 色情应用暗藏杀机，宅男福利竟成“灾难降临”
• 2016.08 [8090] 代码战争：伪装和狙杀，从“壳”到“病毒混淆器
• 2016.08 [freebuf] 代码战争：伪装和狙杀，从“壳”到“病毒混淆器”
• 2016.08 [freebuf] 围观方程式组织“杀器”ExtraBacon，思科新版ASA防火墙也遭殃
• 2016.07 [] 别一言不合就退杀软
• 2016.07 [] 别一言不合就退杀软
• 2016.07 [8090] Debian创始人的死亡被认定为自杀
• 2016.06 [freebuf] ISIS发布“黑客猎杀名单”
• 2016.06 [freebuf] 通杀全版本Windows的0day漏洞？黑客只卖9万美元
• 2016.06 [8090] 安装了杀毒软件你的电脑就安全了吗?
• 2016.05 [freebuf] 剪贴板劫持：复制粘贴中暗藏杀机
• 2016.05 [freebuf] 看我如何用XSS“干掉”8/9的顶级杀软厂商
• 2016.05 [freebuf] 惊心命局：心脏手术中杀软扫描引医疗设备死机
• 2016.05 [moxia] CVE-2016-5195脏牛漏洞：Linux内核通杀提权漏洞
• 2016.05 [8090] 杀毒软件工程师自编病毒 3万QQ用户感染
• 2016.04 [freebuf] 那些年，我们用来“躲避”杀毒软件的工具
• 2016.04 [freebuf] PowerWare：勒索软件如何温柔地借刀杀人
• 2016.04 [freebuf] 通杀Windows的Badlock是啥？该如何修复？
• 2016.04 [freebuf] “通杀Windows”的BadLock漏洞是怎么被玩坏的？
• 2016.04 [] 一个不应该出现的错误导致phpcmsV9.6被秒杀
• 2016.04 [360] 近期js敲诈者的反查杀技巧分析
• 2016.03 [qq] 有杀气童话游戏秒杀无敌漏洞分析报告
• 2016.03 [freebuf] 某杀毒软件的crash dump 分析
• 2016.03 [8090] 6大手动杀毒软件
• 2016.03 [freebuf] 360端游终极火力“隐身”、“秒杀”等漏洞解析
• 2016.02 [freebuf] 外媒质疑美国安局（NSA）天网，或已误杀千人
• 2016.01 [] 别一言不合就退杀软
• 2016.01 [freebuf] 黑客组织匿名者(Anonymous)攻击日本机场网站，抗议捕杀海豚活动
• 2016.01 [freebuf] 趋势科技杀毒软件被曝严重漏洞，黑客能够窃取你的所有密码
• 2016.01 [qq] 有杀气童话竞技场直接胜利漏洞分析报告
• 2015.12 [360] 企业级应用杀手：针对Microsoft Outlook的攻击向量－BadWinmail
• 2015.12 [freebuf] 使用Python Shells绕过杀毒软件
• 2015.12 [freebuf] 杀器BLUTO：DNS探测+域名猜解+邮箱枚举
• 2015.12 [freebuf] N3XT芯片：秒杀传统硅芯片1000遍
• 2015.12 [qq] 花千骨游戏秒杀无敌漏洞分析报告
• 2015.12 [nsfocus] Java反序列化漏洞被忽略的大规模杀伤利用
• 2015.12 [sec] 内部威胁杀伤链
• 2015.11 [freebuf] 态势感知将DDOS扼杀在摇篮中：涉及数千台PostgreSQL服务器
• 2015.11 [freebuf] “5hm00p”：全球首位公开参与特定目标猎杀的黑客
• 2015.11 [sec] 一个关于杀伤链与反杀伤链的PPT（第一版完成）
• 2015.11 [pediy] [原创][开源]杀毒软件的框架设计
• 2015.11 [freebuf] 黑市热卖杀器GovRAT：恶意软件数字签名平台
• 2015.11 [freebuf] 从一个锁主页木马里挖出的惊天“暗杀黑名单”
• 2015.10 [secist] 【漏洞预警】CVE-2016-5195脏牛漏洞：Linux内核通杀提权漏洞（10.21 13:41更新）
• 2015.10 [qq] 有杀气童话技能无CD无耗蓝及弱怪漏洞分析报告
• 2015.10 [freebuf] 警方杀器X射线货车：你的一切无所遁形
• 2015.10 [8090] windows手工查杀笔记
• 2015.10 [freebuf] 杀毒软件Avast被曝0day漏洞，可被利用在用户电脑上执行恶意代码
• 2015.10 [freebuf] 挡人财路！俄国大蜘蛛杀毒软件Dr.Web遭黑客燃烧弹物理攻击
• 2015.09 [] 关于反杀伤链的思考
• 2015.09 [sec] 关于反杀伤链的思考
• 2015.07 [freebuf] 埃隆·马斯克和史蒂芬·霍金联合警告：小心“机器人杀手”
• 2015.07 [] 大汉网络0day通杀所有系统和版本
• 2015.07 [] qibo通杀csrf+存储xss+分析明文账号密码进后台+成功getshell
• 2015.07 [freebuf] 韩国特工因Hacking Team事件自杀，死前留书否认监视民众
• 2015.07 [freebuf] 一夜回到解放前：英国政府将封杀WhatsApp、iMessage和Snapchat
• 2015.07 [freebuf] 权限杀手新变种分析报告
• 2015.06 [freebuf] 研究人员再次发现网银木马Zeus变体，可绕过全部杀毒软件
• 2015.06 [qq] 疾风之刃幽灵外挂刀刀秒杀外挂原理分析
• 2015.05 [freebuf] 国产杀毒软件连续因“作弊”遭全球权威评测机构指责
• 2015.04 [] 隐私泄露杀手锏 —— Flash 权限反射
• 2015.04 [freebuf] 硅谷遇上底特律：2015美国汽车安全峰会参展纪实（多图杀猫）
• 2015.03 [] NiubiCMS通杀SQL注入一枚
• 2015.03 [freebuf] 技术分析：重打包的安卓应用是如何绕过杀毒软件盗取你QQ的
• 2015.03 [pediy] [原创]14可用过某父进程查杀
• 2015.03 [pediy] [原创]百度杀毒 BDMWrench 驱动缓冲区溢出漏洞
• 2015.03 [freebuf] Pwn2Own战报：腾讯、360各显神通，分别秒杀IE、Flash、PDF项目
• 2015.03 [freebuf] U盘杀手：俄罗斯研究人员利用U盘引爆一台电脑
• 2015.03 [freebuf] 尴尬了：杀毒软件熊猫卫士误标记自己为病毒，成功自杀
• 2015.03 [qq] FBI敲诈病毒来袭 哈勃首发专杀工具
• 2015.03 [freebuf] 域名阴影（Domain Shadowing）技术：知名钓鱼攻击工具包Angler Exploit Kit又添杀招
• 2015.03 [freebuf] ISIS支持者向Twitter创始人发出死亡威胁：将追杀所有Twitter员工
• 2015.01 [] 权限杀手新变种报告
• 2015.01 [] phpshe注入漏洞(目测通杀)
• 2014.12 [freebuf] 《刺杀金正恩》被禁，但你也许能在BT上看到它
• 2014.12 [] ThinkOX全版本通杀0day
• 2014.12 [] 用Webshell直接杀入内网
• 2014.11 [freebuf] 金玉其外败絮其中：百度杀毒“雪狼引擎”逆向分析
• 2014.11 [jowto] 绕过百度杀毒溢出保护的一些方法
• 2014.11 [freebuf] 手机解锁用密码而不是Touch ID，纵容了杀妻嫌疑犯
• 2014.10 [] SupeSite 通杀注射以及后台getshell
• 2014.09 [freebuf] 深度：为什么Google急着杀死加密算法SHA-1
• 2014.08 [3xp10it] 管理员权限杀卡巴斯基进程
• 2014.08 [3xp10it] 管理员权限杀卡巴斯基进程
• 2014.08 [] 播放器暗藏远控木马 360独家提供查杀方案
• 2014.07 [] 方维团购4.3最新版sql注入通杀4.2
• 2014.07 [pediy] [讨论]谈一谈，做一个杀毒软件，必备的Windows驱动程序
• 2014.06 [] phpok通杀前台getshell 4.0.515官方demo测试成功
• 2014.05 [pediy] [原创]简单实现MD5文件查杀
• 2014.05 [] 动易系统通杀存储型XSS漏洞
• 2014.05 [] PHPCMS全版本通杀SQL注入漏洞
• 2014.05 [freebuf] 赛门铁克想要重新发明杀毒软件
• 2014.04 [] DedeCMS另一处全版本通杀SQL注入
• 2014.04 [] 方维团购系统漏洞sql 通杀到最新4.2
• 2014.03 [] 骑士人才（74CMS）3.X通杀XSS
• 2014.03 [] Destoon全版本通杀SQL注入
• 2014.02 [freebuf] DedeCMS全版本通杀SQL注入漏洞利用代码及工具
• 2014.02 [] Dedecms 最新通杀注入分析
• 2014.02 [freebuf] 号称可杀灭99.9%恶意程序的安全工具 – Rootkit Hunter
• 2014.02 [] 骑士cms人才系统 通杀SQL注入
• 2014.02 [] 骑士cms人才系统 又一通杀
• 2014.02 [] macCMS 全版本通杀SQL注射（包括最新7.x）
• 2014.01 [] 播放器暗藏远控木马 360独家提供查杀方案
• 2014.01 [] 浏览器杀手 ：“暗杀黑帮”木马的技术分析
• 2014.01 [] dedecms xss 0day通杀所有版本 可getshell
• 2013.12 [] 金山软件wps2012-2013通杀漏洞
• 2013.11 [] cmstop通杀注入漏洞
• 2013.11 [freebuf] Google机器人被用于执行SQL注入攻击，通杀Web应用防火墙
• 2013.10 [] Destoon最新全版本通杀SQL注入漏洞
• 2013.10 [] ecmall 2.x通杀SQL注入漏洞分析及利用 附EXP
• 2013.09 [freebuf] 对国内各种安全卫士产品的一种通用虐杀、DLL注入、本地代码执行的方法
• 2013.08 [freebuf] 观点：杀毒软件，这样是否会更好？
• 2013.08 [] encode msf shellcode绕过杀毒
• 2013.07 [] ThinkPHP框架通杀所有版本的一个SQL注入漏洞详细分析及测试方法
• 2013.07 [freebuf] 浅谈Android手机木马手工查杀
• 2013.06 [u011069813] 在Android平台上发现新的恶意程序伪装成杀毒软件挟持设备
• 2013.06 [freebuf] 百度新推出杀毒软件“百度杀毒”评测
• 2013.06 [freebuf] 暗组Web杀毒 2.5 启发式查杀 0611 端午版
• 2013.06 [] Gbbs微论坛拿shell通杀漏洞
• 2013.06 [pediy] [原创]BD杀毒新版评测
• 2013.04 [pediy] [分享]对百度杀毒软件hook的一点分析[更1]
• 2013.04 [] 最新易想团购系统通杀SQL注入漏洞分析附利用exp
• 2013.04 [freebuf] 易想团购系统通杀SQL注入漏洞分析及利用
• 2013.04 [freebuf] Anonymous组织在大屠杀纪念日展开对以色列的“屠杀”
• 2013.03 [freebuf] Espcms通杀SQL注入漏洞分析(附EXP)
• 2013.03 [pediy] [原创] 360检测杀软分析
• 2013.02 [] dzX 2.0/2.5通杀0day 存储型XSS一枚
• 2013.02 [] 通达OA 2011-2013 通杀GETSHELL修复补丁
• 2013.01 [freebuf] 黑客亚伦·斯沃茨曾在自杀前119天发出过一些求助信息
• 2013.01 [freebuf] 26岁计算机黑客亚伦·斯沃茨自杀身亡
• 2012.12 [freebuf] IE浏览器鼠标坐标跟踪安全风险,通杀全版本
• 2012.11 [freebuf] 堪比美剧！John McAfee否认谋杀，正在逃亡
• 2012.11 [] phpweb成品网站全版本通杀注入漏洞
• 2012.11 [freebuf] McAfee创始人涉嫌谋杀被通缉
• 2012.11 [pediy] [原创]一病毒分析和杀毒
• 2012.09 [freebuf] 杀毒软件将自己识别为恶意程序
• 2012.09 [jinzhuojun] Windows中根据进程名找到进程并杀死
• 2012.08 [pediy] [原创]Android程序开机启动杀手Autorun Manager破解
• 2012.07 [] Wp暴目录漏洞-全版本通杀
• 2012.05 [] 正方软件现代教学管理系统通杀0day
• 2012.05 [] ecshop后台最新拿shell方法，支持最新2.72版本。通杀最新版本后台低权限
• 2012.02 [pediy] [原创]lpk.dll劫持病毒分析[附查杀工具及源码]
• 2012.02 [] 通杀WIN服务器得明文密码神器
• 2012.02 [pediy] [原创]蠕虫专杀工具源码（VC）+蠕虫样本
• 2011.12 [pediy] [原创]谈谈 通杀SSDT hook和Shadow SSDT hook的方法
• 2011.10 [] 社工秒杀hostloc
• 2011.10 [pediy] [原创]腾讯2008第三阶段专杀过程思路
• 2011.08 [pediy] [原创]ldj.exe的分析！并附上部分专杀代码
• 2011.08 [pediy] [原创]变形过云查杀
• 2011.07 [pediy] [原创]Delphi编写的LPK.DLL专杀，可清理RAR
• 2011.04 [pediy] [原创]暴力强杀进程代码
• 2011.04 [pediy] [原创]简单云查杀客户端源代码
• 2011.04 [pediy] [翻译]The Case of the Sysinternals-Blocking Malware——虚拟桌面程序来协助你手动杀毒
• 2011.04 [pediy] [原创]三线程防杀2测试(更新)原理已发布
• 2011.03 [pediy] [推荐]关于三线程防杀的一些思想和VC代码
• 2011.02 [pediy] [翻译]每周译闻——帮你杀毒的木马
• 2011.02 [pediy] [原创]蜘蛛纸牌 DIY 秒杀功能
• 2011.02 [pediy] [原创]流行杀毒软件对恶意PDF文档检测的概括性分析
• 2011.02 [pediy] [原创]对抗启发式查杀与虚拟机查杀
• 2011.01 [pediy] [原创]一招秒杀感染文件中的病毒代码
• 2010.11 [pediy] [原创]通过重映射+CRC32来过杀毒软件虚拟机的动态行为检查
• 2010.11 [pediy] [原创]病毒专杀编写攻略之ring3篇
• 2010.09 [pediy] [原创]提权大杀器源代码分析报告[最新修改]
• 2010.08 [pediy] [原创]一个弱脚本病毒分析查杀
• 2010.08 [pediy] [原创]多态性vs 云查杀
• 2010.08 [pediy] [原创]Worm.Parite.Residented 详细分析+专杀工具src
• 2010.06 [pediy] [原创]delphi版内核插apc杀进程代码
• 2010.02 [pediy] [原创]某杀毒软件 Create过滤函数中获得全路径的方法。
• 2010.01 [pediy] [原创]Delphi Virus.Win32.Induc.a 专杀的源代码
• 2009.12 [pediy] [原创]暴风一号蠕虫病毒专杀详解
• 2009.12 [pediy] [原创]发一个暴力杀进程小工具源代码
• 2009.10 [pediy] [原创]发个使用Native API的编程示例代码：LzOpenProcess杀冰刃
• 2009.09 [pediy] [调查]2009 看雪Crackme大赛杀手排行榜
• 2009.09 [pediy] [原创]DebugActiveProcess 杀进程
• 2009.08 [pediy] [原创]Delphi Virus.Win32.Induc.a 专杀
• 2009.08 [pediy] [原创]手工杀毒
• 2009.08 [pediy] code:PspTerminateProcess杀进程
• 2009.08 [pediy] code:插APC杀进程
• 2009.07 [pediy] [原创]用户层关闭瑞星2009杀毒软件安全保护
• 2009.07 [pediy] [分享]为了获得邀请码，拿出很久以前写的进程防杀
• 2009.06 [pediy] [原创]杀鸡焉用牛刀，再探好听音乐网
• 2009.05 [pediy] [原创]Ring3内存清0杀进程
• 2008.10 [pediy] [原创]PE感染逆向之修复(Serverx.exe专杀工具出炉手记)
• 2008.09 [pediy] [原创]一种新的杀毒思路
• 2008.04 [pediy] [原创]广义ESP定律秒杀PECompact
• 2008.01 [pediy] [原创]一段蛮古老的杀线程代码
• 2007.11 [pediy] [原创]多桌面切换程序-通杀所有网管程序
• 2007.01 [pediy] [原创]360最新cnnic专杀工具－360SuperKill“破冰”技术逆向分析
• 2007.01 [pediy] 杀杀毒,灌灌水
• 2006.05 [pediy] 杀vm里的3个小花的ollyscript脚本
• 2006.02 [pediy] [求助]关于catch22上自杀代码在GCC下的编译问题.
• 2005.12 [pediy] 一个简单的自杀代码
• 2005.08 [pediy] 出现错误对话框的杀手锏－－暂停--初学者适用
• 2005.08 [pediy] [原创]《图章制作系统 V3.63》脱壳去校验解除自杀代码[分析篇]
• 2004.05 [pediy] 穿山甲小牛试刀之一+秒杀N层马甲之Nnewell的某KeyGenMe

<a id="b2d27225ff6394904396a2594c6df5e3"></a>远控免杀从入门到实践

• 2020.03 [freebuf] 远控免杀从入门到实践（8）-shellcode免杀实践
• 2020.03 [freebuf] 远控免杀从入门到实践(7)-代码篇-Golang+Ruby
• 2020.03 [freebuf] 远控免杀从入门到实践(6)-代码篇-Powershell
• 2020.03 [freebuf] 远控免杀从入门到实践(5)-代码篇-Python
• 2020.03 [freebuf] 远控免杀从入门到实践（4）：代码篇-C#
• 2020.03 [freebuf] 远控免杀从入门到实践(3)-代码篇-C/C++
• 2020.02 [freebuf] 远控免杀从入门到实践（一）：基础篇

<a id="b661c2ec8b7476a5c8e3937213995385"></a>恶意代码

• 2019.10 [HackersOnBoard] Black Hat USA 2016 AVLeak Fingerprinting Antivirus Emulators for Advanced Malware Evasion
• 2019.06 [arxiv] [1906.10625] Antiforensic techniques deployed by custom developed malware in evading anti-virus detection
• 2018.03 [ensilo] AV-TEST Verifies that the Next Generation Antivirus Features of the enSilo Endpoint Security Platform Deliver 100% Pre-Infection Malware Protection
• 2018.02 [heimdalsecurity] Security Alert: Hancitor Trojan Downloader Evades AV Detection, Drops Malware Cocktail
• 2017.11 [securityintelligence] 使用 AutoIt 脚本绕过 AV 检测的远控分析
• 2017.09 [360] 重磅!一种恶意软件绕过杀软的新方法
• 2017.05 [4hou] 免杀新姿势：利用线程将恶意代码注入到内存中
• 2016.10 [emsisoft] Emsisoft Anti-Malware earns Advanced+ rating in AV-Comparatives Performance Test
• 2016.10 [emsisoft] Emsisoft Anti-Malware rated top performer in AV-Comparatives Scanner Test
• 2015.07 [paloaltonetworks] New Android Malware Family Evades Antivirus Detection by Using Popular Ad
• 2015.04 [bogner] How Malware Evades Antivirus Detection
• 2015.04 [duo] Banking Malware Targets Wire Transfers; Evades Antivirus
• 2015.02 [lastline] Carbanak Malware — Ninety Five Percent Exhibits Stealthy or Evasive Behaviors
• 2014.07 [malwarebytes] Malwarebytes Anti-Malware Free scores 100% in AV-TEST removal test!
• 2014.04 [emsisoft] Emsisoft Anti-Malware Scores Advanced+ Rating in AV-Comparatives File Detection Test
• 2013.12 [freebuf] 恶意软件伪装成IIS模块加载，多数防毒产品免杀
• 2010.05 [sans] Malware modularization and AV detection evasion
• 2010.05 [elearnsecurity] Malware can bypass all Windows based AV’s

<a id="e92db1d2247da3a2fd0fce167afbac6a"></a>webshell

• 2020.02 [aliyun] Webshell免杀研究
• 2019.11 [aliyun] 绕过WebShell检测的总结之文件免杀
• 2019.05 [aliyun] 对于asp免杀webshell的一些总结
• 2019.05 [aliyun] 对于php免杀webshell的一些总结
• 2017.01 [freebuf] 绕过网站安全狗拦截，上传Webshell技巧总结（附免杀PHP一句话）
• 2014.08 [3xp10it] unserialize免杀webshell
• 2014.08 [3xp10it] php中&引用免杀webshell
• 2014.08 [3xp10it] unserialize免杀webshell
• 2014.08 [3xp10it] php中&引用免杀webshell
• 2013.08 [] Webshell过安全狗的几种技巧[附特征免杀法]

贡献

内容为系统自动导出, 有任何问题请提issue