Phantom

Phantom (Crybat/Jlaive Rewrite) is an antivirus evasion tool that can convert executables to undetectable batch files, .NET/Native assemblies are not guaranteed to work.

Changelog

Updated UAC Bypass
New BSTUB with AMSI Patch via Indirect Syscalls
BSTUB Obfuscation upon Build
WD Bypassed as of 4/25/2024

All credits goes to C5.

TODO

Change BAT Obfuscation to evade YARA Rules
Added new Obfuscation in Stub.ps1
Remove usage of reflection in Stub.ps1, rather include shellcode allocation
Compile UAC Bypass with Rust to avoid fast sigging
Remove usage of donut as it has basic mem loader or do morphing after passing through donut for native files
Add rootkit
Remove usage of .vbs(highly sigged)
Add DLL Unhooking in BSTUB
Better AMSI Patch

Name		Name	Last commit message	Last commit date
Latest commit History 48 Commits
CodeGen		CodeGen
CodeMod		CodeMod
Images		Images
Misc		Misc
Phantom		Phantom
Properties		Properties
Resources		Resources
obj		obj
App.config		App.config
FodyWeavers.xml		FodyWeavers.xml
FodyWeavers.xsd		FodyWeavers.xsd
PHB.bin		PHB.bin
Phantom Technical Documentation.pdf		Phantom Technical Documentation.pdf
Phantom.csproj		Phantom.csproj
Phantom.sln		Phantom.sln
PhantomMain.Designer.cs		PhantomMain.Designer.cs
PhantomMain.cs		PhantomMain.cs
PhantomMain.resx		PhantomMain.resx
Program.cs		Program.cs
README.md		README.md
ghost-icon-838x1024-08e6wfgk.png		ghost-icon-838x1024-08e6wfgk.png
ghost_icon_838x1024_08e6wfgk_yMY_icon.ico		ghost_icon_838x1024_08e6wfgk_yMY_icon.ico
packages.config		packages.config
version		version

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Phantom

Changelog

TODO

About

Releases

Packages

Languages

tarekxxx/Phantom

Folders and files

Latest commit

History

Repository files navigation

Phantom

Changelog

TODO

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages