How would I use Coldfire to write an AV evasion program in Go?


A bit of background: I am a pentester who is looking for new ways to get around AV detection during tests / bounties, and I recently found the Go library "Coldfire" on GitHub. I am new to Go, so I was wondering how I would structure a project with this package.

It doesn't give many instructions except the funcs that it uses, and I am coming from Python.

https://github.com/redcode-labs/Coldfire

If anyone can give me some tips, I am trying to write an AV evasion program that will kill AV processes and possibly disable a WAF.

You don't have to give me full code or anything; I just would like some examples of how to use the package is all. Thank you so much, and please excuse my lack of knowledge. I love Go but am very new to it and am trying to learn it with respect to my profession.

Not really interested in Disruptive functions, but with the recent outbreak in Go malware I would love to understand how malicious attackers use those functions too, if possible.

I imported the library, but it kept giving me an error saying I wasn't using the package, even though I had implemented some of the functions to see what they did.

Not sure what goes in said func, like:

func PkillAv()

Not sure what would go in the {} on this one or if I would even need it.

There is 1 answer

Adrian Rudy Dacka

You would just need to import it at the top part of your code like:

import "github.com/redcode-labs/Coldfire"

You also need to run

go mod tidy

to download this package.

After that you can use the functions provided in the package. There is no "structure" that you need to manually create.