Geacon_pro: cross-platform CobaltStrike Beacon bypass anti-virus

Status
Not open for further replies.

itsMe


geacon_pro is an Anti-Virus bypassing CobaltStrike Beacon written in Golang based on the geacon project.

geacon_pro supports CobaltStrike version 4.1+

geacon_pro has implemented most functions of Beacon.

The core of bypassing Anti-Virus can be reflected in three aspects:

    There is no CobaltStrike Beacon feature.
    Viruses written in Golang can bypass the detection of antivirus software to a certain extent.
    Some dangerous functions which can be easily detected by antivirus software have been changed to more stealthy implementations.

Functions

Windows platform:

sleep, shell, upload, download, exit, cd, pwd, file_browse, ps, kill, getuid, mkdir, rm, cp, mv, run, execute, drives, powershell-import, powershell, execute-assembly, Multiple thread injection methods (you can replace the source code yourself), inject, shinject, dllinject, pipe, Various CobaltStrike native reflection dll injection (mimikatz, portscan, screenshot, keylogger, etc.), steal_token, rev2self, make_token, getprivs, proxy, delete self, timestomp, etc. Supports reflectiveDll, execute-assembly, powershell, powerpick, upload and execute, and other functions of cna custom plugins.

Linux, Mac platform:

sleep, shell, upload, download, exit, cd, pwd, file_browse, ps, kill, getuid, mkdir, rm, cp, mv, delete self, etc.

Process management and file management support graphical interaction.
