BeBee loader is shellcode loader & educational project to defeat windows defender using multiple techniques
- Encrypts your shellcode and stores it in PE Resouces as an bitmap image
- Extracts shellcode from resources and decrypt it in runtime
- Uses indirect syscalls for memory operations and execution
- Early Bird APC Injection
- Bypassed Windows Defender <= 11 till nows date (July 2026)
SIZE (bytes): DATA:
14 Fake BMP Header
4 Xor Decrytion Key
40 NOP Sled
... Encrypted Shellcode
- generate shellcode using havoc,metasploit.. whatever
- clone the repo && go to
srcfolder
git clone https://github.com/xchgll/BeBeeLoader.git && cd src
- run
create_shellcode.pythis creates the encrypted resource and .rc file
python create_shellcode.py demon.x64.bin <Xor_Key_Hex>
- run
build.batthis will generate the final implantmain.exe
Reenz0h for Halos Gate Technique
