15.1.4. 漏洞利用

15.1.4.1. 利用工具

• pwntools

• ROPgadget

15.1.4.2. Anti-AV

• GhostShell

• DefenderCheck Identifies the bytes that Microsoft Defender flags on

15.1.4.3. ShellCode

• GhostShell Malware indetectable, with AV bypass techniques, anti-disassembly, etc

• donut Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters