dEEpEst Posted May 6, 2023

Crybat (previously known as Jlaive) is an antivirus evasion tool that can convert executables to undetectable batch files. .NET assemblies are not guaranteed to work.

Features
- .NET/Native (x64) support
- AES/XOR encryption
- Compression
- Anti Debug
- Anti VM
- Melt file (self delete)
- Bind files
- AMSI bypass
- ETW bypass

dEEpEst (Author) Posted May 6, 2023

Get-UnJlaive is a tool which is able to reconstruct Jlaive (.NET Antivirus Evasion Tool (Exe2Bat)) to the original Assembly and stub Assembly. It should defeat even the obfuscated form.

dEEpEst (Author) Posted May 6, 2023

+Info 👇

Sergio de los Santos: Latest fashion in obfuscation. A fully obfuscated BAT file (14 MB) that runs PowerShell, which decrypts (with AES) and executes a .NET. Inside, this one is also obfuscated. As expected, zero static detections for weeks. It also plays well with the sets +¬
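
A defender-side static triage check for the file shape described in the last post (an obfuscated BAT carrying a large encrypted blob that launches PowerShell to decode and load .NET), added here as an example; it is not code from the thread, from Crybat/Jlaive or from Get-UnJlaive. The thresholds, the function names and the assumption that the obfuscation relies on `set`-variable splitting and caret escapes are assumptions, and the sample input is constructed and inert.

```python
import base64
import hashlib
import math
import re
from collections import Counter

SET_RE = re.compile(r'^\s*@?set\s+"?([^=\s"]+)=([^"\r\n]*)"?\s*$', re.I | re.M)
VAR_RE = re.compile(r'%([^%\s]+)%')

def entropy(s: str) -> float:
    """Shannon entropy in bits per character (base64 of ciphertext is close to 6)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def expand_vars(text: str) -> str:
    """Undo set-variable splitting: replace %name% with its 'set' value, drop carets."""
    table = {k.lower(): v for k, v in SET_RE.findall(text)}
    for _ in range(5):  # bounded passes so nested references cannot loop forever
        expanded = VAR_RE.sub(lambda m: table.get(m.group(1).lower(), m.group(0)), text)
        if expanded == text:
            break
        text = expanded
    return text.replace("^", "")

def triage(text: str, blob_min: int = 4096, entropy_min: float = 5.0) -> dict:
    """Flag a batch file with a big high-entropy line plus a reconstructed PowerShell call."""
    lines = text.splitlines()
    blob = max(lines, key=len, default="")
    # Expand only the short (script) lines; the blob itself is never interpreted.
    clear = expand_vars("\n".join(l for l in lines if len(l) < blob_min)).lower()
    apis = ("security.cryptography", "frombase64string", "reflection.assembly")
    flags = {
        "large_high_entropy_line": len(blob) >= blob_min and entropy(blob) >= entropy_min,
        "powershell_after_expansion": "powershell" in clear,
        "powershell_hidden_in_raw": "powershell" in clear and "powershell" not in text.lower(),
        "decode_or_load_api": any(k in clear for k in apis),
    }
    flags["suspicious"] = flags["large_high_entropy_line"] and flags["powershell_after_expansion"]
    return flags

def constructed_sample() -> str:
    """Constructed, inert input: split 'powershell' keyword and a pseudo-random base64 comment."""
    blob = base64.b64encode(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(200)))
    return ('@echo off\nset "a=pow"\nset "b=ersh"\nset "c=ell"\n'
            '%a%%b%%c% -noprofile -command "[Convert]::FromBase64String($x)"\n'
            ':: ' + blob.decode() + '\n')

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

The `suspicious` flag is a triage signal for routing a file to deeper analysis, not a verdict; the per-flag results show which property fired.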