AI‑Powered Red Team Evasion Playbook: Webshell Stealth, WAF/RASP/EDR Bypass & Traffic Camouflage Tips

AI Redteam Notes is an AI‑assisted repository of red‑team evasion techniques, covering webshell stealth, WAF/RASP/EDR bypass, and traffic camouflage. The core philosophy is to explain the principle, applicable scenarios, and limitations of each bypass rather than merely providing copy‑paste scripts.

PHP Webshell Evasion

Six technique families: gzip+base64 nesting, dynamic function‑name concatenation, higher‑order callbacks, comment break + tag nesting, RASP‑specific bypass, protocol‑context escape.

Optimal combination strategies for SecurityDog, CloudLock, Chaitin Muyu, and OpenRASP.

Godzilla V3 micro‑step TDP replaces eval with include + tempnam, adds random bytes, header verification, and a two‑stage MD5 prefix/suffix.

Seven typical failure scenarios with root causes and correct actions.

Each step notes PHP version compatibility and target product bypass.

AdaptixC2 BOF Plugin Guide

Concepts: BOF/Beacon/AxScript and AdaptixC2’s compatibility boundaries.

Project layout and BOF naming conventions.

AxScript details: command registration, argument packing, pre/post hooks, right‑click menu.

CS → AdaptixC2 type mapping (e.g., bof_pack Z → wstr).

Five BOF argument types, string‑encoding issues and fixes.

Common pitfalls: command not found, username garble, menu.add() errors.

Reusable .axs script skeleton.

Practical case: AddUser‑BOF (NetUserAdd + SAMR double‑path) migration.

Java Evasion Techniques (Unverified)

Five webshell schemes: multi‑layer reflection + dynamic class name, BCEL bytecode loading, URLClassLoader remote load, AES obfuscation/decryption, JSPX XML injection.

Five memory‑horse types: Filter, Servlet, Listener, Spring Controller, Valve.

Advanced evasion: classloader isolation, reflection‑chain obfuscation, memory‑feature erasure, dynamic triggers, environment awareness, anti‑debug detection.

Combination patterns: A+B triple overlay, A+C remote load, D+Filter memory horse, Controller+Valve double bypass.

Each entry marks JDK version differences and middleware adaptation; readers are invited to submit PRs with verification results.

Ghost Bits (Cast Attack) Summary

Java char is 16‑bit but many APIs only use the low 8 bits, allowing high‑bit loss to craft payloads that appear differently to different parsers.

Nine attack techniques: BCEL ClassLoader bypass, Jackson SQLi, Fastjson \u / \x escape, Tomcat file upload, full‑width URL path traversal, JDK Base64 decode, GeoServer RCE bypass, Jetty double encoding, SMTP injection.

Unicode→ASCII mapping table (10 groups of one‑way mappings).

Four CVEs referenced: CVE‑2025‑41242 (Spring), CVE‑2025‑7962 (SMTP), CVE‑2026‑21933 (JDK), CVE‑2024‑36401 (GeoServer).

Ready‑to‑use payload templates, automation scanning scripts, and code‑audit focus points.

Supply‑chain findings in ActiveJ, Lettuce, XMLWriter, Jodd components.

Why It Is Called "AI Redteam"

All documents are first drafted by AI from security research experience, then manually reviewed and corrected.

AI quickly enumerates bypass variants; humans verify and filter the results.

The prompt acts as a reusable methodology that can be transferred to other languages and scenarios.

This forms a "human‑strategy, AI‑content" security knowledge production pipeline.

Tool Download

https://github.com/yunhai666/ai-redteam-notes/tree/master