2spentest/BitterCandy

BitterCandy - Shellcode Loader POC

Overview

BitterCandy is a Proof of Concept (POC) shellcode loader designed for educational purposes and research into static detection mechanisms. This project serves as a learning tool to understand how shellcode loaders work and how they can be detected by security solutions.

Purpose

This project is intended for:

  • Educational purposes in malware analysis and detection
  • Research into static detection mechanisms
  • Understanding shellcode execution techniques
  • Learning about Windows API usage for process manipulation

⚠️ Important Disclaimer

This project is provided for EDUCATIONAL PURPOSES ONLY. The techniques demonstrated in this code should only be used in controlled environments for learning and research. Using this code for malicious purposes is strictly prohibited and may be illegal.

Features

  • Shellcode loading and execution
  • Process manipulation capabilities
  • Demonstrates various Windows API techniques
  • Educational examples of common shellcode execution patterns

Anti-Detection Techniques (For Educational Purposes)

This project demonstrates several techniques, included to show how security solutions detect malicious code and what a loader does to avoid that detection:

  1. AMSI Bypass

    • Demonstrates how AMSI (Antimalware Scan Interface) works
    • Shows the importance of proper security implementation
  2. Shellcode Encryption

    • AES encryption implementation for shellcode
    • Understanding how encryption affects static detection
    • Learning about key and IV management
  3. Process Manipulation

    • Techniques for process creation and manipulation
    • Understanding Windows API usage patterns
    • Learning about process injection methods
  4. Static Detection Evasion

    • String obfuscation techniques
    • API call obfuscation
    • Understanding signature-based detection

These techniques are included solely for educational purposes to help security researchers and developers understand how to better protect their systems.
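As an added example from the detection side (this is not code from the BitterCandy project), the following Python script checks a file for the two static indicators the list above refers to: high-entropy regions of the kind an AES-encrypted payload leaves in a binary, and plaintext Windows API names associated with process manipulation. The API list and the sample buffer are constructed for illustration; the entropy threshold is an assumption that a real scanner would tune.

```python
import math
import random
from collections import Counter

# Illustrative list (an assumption, not the project's): API names often imported
# by loaders. Their mere presence is a weak signal, which is why loaders obfuscate them.
SUSPICIOUS_APIS = (
    b"VirtualAllocEx",
    b"WriteProcessMemory",
    b"CreateRemoteThread",
    b"AmsiScanBuffer",
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, approaching 8.0 for random or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 256, step: int = 128,
                         threshold: float = 6.5) -> list:
    """Slide a window over the buffer and report offsets whose entropy reaches the threshold.

    Plain text and machine code usually sit around 4-6 bits/byte; encrypted or compressed
    blobs sit above 7, so an encrypted shellcode section stands out even when the
    surrounding strings are clean. The 6.5 threshold is an assumption for this example.
    """
    hits = []
    for off in range(0, max(1, len(data) - window + 1), step):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def find_api_strings(data: bytes) -> list:
    """Plaintext API names that a string-based signature would match."""
    return sorted(a.decode() for a in SUSPICIOUS_APIS if a in data)


def assess(data: bytes) -> dict:
    """Combine both indicators into one verdict, as a simple static scanner would."""
    blobs = high_entropy_windows(data)
    apis = find_api_strings(data)
    if blobs and apis:
        verdict = "suspicious"
    elif blobs or apis:
        verdict = "review"
    else:
        verdict = "clean"
    return {"high_entropy_windows": blobs, "api_strings": apis, "verdict": verdict}


# --- constructed sample, not a real binary ---
_rng = random.Random(20240101)
# 512 bytes of low-entropy text carrying a few unobfuscated API names
_header = (b"This program cannot be run in DOS mode.\r\n" * 8
           + b"VirtualAllocEx\0WriteProcessMemory\0CreateRemoteThread\0").ljust(512, b"\0")
# 1024 pseudo-random bytes standing in for an AES-encrypted shellcode blob
_blob = bytes(_rng.getrandbits(8) for _ in range(1024))
SAMPLE = _header + _blob

if __name__ == "__main__":
    result = assess(SAMPLE)
    print("verdict:", result["verdict"])
    print("API strings:", result["api_strings"])
    for off, e in result["high_entropy_windows"]:
        print(f"  high entropy at offset {off:#06x}: {e} bits/byte")
```

Run against the constructed sample, the text half produces no entropy hits while every window inside the random blob does, and the three plaintext API names are reported; this is the combination the "String obfuscation" and "Shellcode Encryption" items above are designed to remove, which is why a scanner should treat either indicator alone as worth a closer look rather than a verdict.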

Usage

This project is intended to be used in a controlled environment for learning purposes. Before running any code:

  1. Ensure you have a proper development environment set up
  2. Use only in isolated testing environments
  3. Do not use against any systems without explicit permission

Legal Notice

The author(s) of this project are not responsible for any misuse of this code. Users are responsible for ensuring they comply with all applicable laws and regulations when using this project.

Contributing

Contributions for educational purposes are welcome. Please ensure any contributions align with the educational nature of this project.

License

This project is licensed for educational purposes only. All rights reserved.

About

Bitter Candy malware