Skip to content
/ GoRedOps Public

🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educational purpoeses only.

License

Unlicense license
327 stars 45 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

EvilBytecode/GoRedOps

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
APC_Injection
APC_Injection
 
 
AntiDebugNOPACKAGE
AntiDebugNOPACKAGE
 
 
AntiDebugPackage
AntiDebugPackage
 
 
BatchfileDeobfuscator
BatchfileDeobfuscator
 
 
CreateDLL
CreateDLL
 
 
EDR-XDR-AV-Killer
EDR-XDR-AV-Killer
 
 
ETWBypass
ETWBypass
 
 
Early_Bird_APC_Injection
Early_Bird_APC_Injection
 
 
GoDLLInjector
GoDLLInjector
 
 
GoObfuscator
GoObfuscator
 
 
Keylogger
Keylogger
 
 
Lifetime-AMSI-ETW-Bypass
Lifetime-AMSI-ETW-Bypass
 
 
LifetimeAMSIBypass
LifetimeAMSIBypass
 
 
Local_Mapping_Injection
Local_Mapping_Injection
 
 
Local_Payload_Execution
Local_Payload_Execution
 
 
PEParser
PEParser
 
 
ParentPIDSpoofing
ParentPIDSpoofing
 
 
Payload_Execution_Fibers
Payload_Execution_Fibers
 
 
Payload_Placement
Payload_Placement
 
 
Process_Injection_Shellcode
Process_Injection_Shellcode
 
 
ProtectProcess
ProtectProcess
 
 
Registry_Shellcode
Registry_Shellcode
 
 
Remote_Function_Stomping_Injection
Remote_Function_Stomping_Injection
 
 
Remote_Mapping_Injection
Remote_Mapping_Injection
 
 
Remote_Thread_Hijacking
Remote_Thread_Hijacking
 
 
RunPE
RunPE
 
 
Threadless_Injection
Threadless_Injection
 
 
crypto
crypto
 
 
injection_native_apc
injection_native_apc
 
 
injection_thread
injection_thread
 
 
instrumentation_callback
instrumentation_callback
 
 
misc
misc
 
 
network
network
 
 
process_dump
process_dump
 
 
sandbox
sandbox
 
 
self_remove
self_remove
 
 
srdi
srdi
 
 
token
token
 
 
wmi
wmi
 
 
GoRedOps.png
GoRedOps.png
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

GoRedOps

GoRedOps Logo

GoRedOps is a collection of Golang projects designed specifically for red teamers and offensive security operations. This repository provides various tools and techniques essential for penetration testing, exploitation, and security research.

Table of Contents

Project Structure

GoRedOps contains the following codes:

  • AntiDebugNOPACKAGE

    • Anti-debugging techniques without packaging.

  • AntiDebugPackage

    • Packaged anti-debugging techniques.

  • BatchfileDeobfuscator

    • Tools for deobfuscating batch files.

  • CreateDLL

    • Tools for creating dynamic-link libraries (DLLs).

  • crypto

    • Various cryptographic algorithms (AES, ChaCha20, RC4, XOR).

  • EDR-XDR-AV-Killer

    • Tools for evading and disabling EDR, XDR, and antivirus software.

  • ETWBypass

    • Techniques for bypassing Event Tracing for Windows (ETW).

  • GoDLLInjector

    • DLL injection techniques.

  • GoObfuscator

    • Tools for obfuscating Go code.

  • injection_native_apc

    • Native APC injection techniques.

  • injection_thread

    • Thread injection techniques:
      • createThread
      • ntCreateThreadEx

  • instrumentation_callback

    • Techniques involving instrumentation callbacks.

  • LifetimeAMSIBypass

    • Bypassing AMSI (Antimalware Scan Interface).

  • misc

    • Miscellaneous scripts and tools.

  • network

    • Networking tools:
      • http (HTTP client and server)
      • pipes (Named pipes client and server)
      • tcp (TCP client and server)

  • ParentPIDSpoofing

    • Techniques for spoofing parent process IDs.

  • PEParser

    • Tools for parsing PE (Portable Executable) files.

  • process_dump

    • Tools for dumping process memory.

  • ProtecProc

    • Process protection techniques.

  • ProtectProcess

    • Additional process protection techniques.

  • sandbox

    • Techniques for detecting and evading sandboxes.

  • self_remove

    • Tools for self-removing malware.

  • srdi

    • Tools for shellcode reflection and dynamic invocation.

  • token

    • Token manipulation tools:
      • impersonate
      • list

  • wmi

    • Tools for interacting with Windows Management Instrumentation (WMI).

  • APC Injection

    • Exploits the Asynchronous Procedure Call (APC) technique to execute malicious code within target processes.

  • Early Bird APC Injection

    • A variation of APC Injection focusing on executing code before the main process starts.

  • Local Mapping Injection

    • Demonstrates malicious code injection via memory mapping into local processes.

  • Local Payload Execution

    • Addresses the direct execution of malicious payloads in a system's local environment.

  • Payload Execution Fibers

    • Demonstrates running shellcode using Fibers, a type of lightweight thread.

  • Payload Placement

    • Shows how to store shellcode in the .text section of a process and execute it.

  • Process Injection (Shellcode)

    • Exploits shellcode injection directly into running processes to control or execute malicious tasks.

  • Registry Shellcode

    • Demonstrates writing and reading shellcode to/from the Windows Registry.

  • Remote Function Stomping Injection

    • Exploits the substitution of functions in remote systems to carry out malicious activities.

  • Remote Mapping Injection

    • Demonstrates malicious code injection via memory mapping into remote processes.

  • Remote Thread Hijacking

    • Focuses on hijacking threads in remote system processes to execute malicious code.

  • Threadless Injection

    • Demonstrates threadless injection using Go & C, where shellcode is injected without creating a new thread.

  • RunPE (Run Portable Executable)

    • Runs PE in Memory, PE = .exe.

  • Lifetime ETW - Amsi Bypass

    • Patches Amsi and ETW forever in newly created powershell consoles.

  • Keylogger

    • Logs keystrokes into a temp file.

Getting Started

To get started with any of the tools in this repository, navigate to the respective project directory and follow the instructions in the README.md file provided.

Prerequisites

  • Go programming language installed (version 1.20+)
  • Knowledge of Golang and offensive security operations, so have a brain in nutshell.

Installation

Clone the repository, and Change Dir to your specified one:

git clone https://github.com/EvilBytecode/GoRedOps.git
cd GoRedOps
cd desired_folder

Contributing

  • We welcome contributions to improve GoRedOps. If you have an idea for a new tool or an enhancement to an existing one, please fork the repository and submit a pull request.

How to contribute?

  • Steps to Contribute
  • Fork the repository.
  • Create a new branch for your feature or bug fix.
  • Implement your changes and commit them with descriptive messages.
  • Push your changes to your fork.
  • Submit a pull request to the main repository.

License :

  • NoLicense (UnLicense)

Credits:

About

🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educational purpoeses only.

Topics

go windows golang security malware hacking offensive-security malware-development red-team redteaming

Resources

Readme

License

Unlicense license
Activity

Stars

327 stars

Watchers

6 watching

Forks

45 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages