From 65f3001f636442d1d9ca81258322616c136b7076 Mon Sep 17 00:00:00 2001
From: b1n <120295547+b1nhack@users.noreply.github.com>
Date: Sat, 22 Jun 2024 13:22:20 +0800
Subject: [PATCH] docs: add intro

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index e96402e..acdb7ff 100644
--- a/README.md
+++ b/README.md
@@ -5,4 +5,13 @@
 </p>
 
 **PumpBin** is an Implant Generation Platform.
+
+Modern cybersecurity teams are divided into offensive personnel and cybersecurity researchers, with researchers responsible for producing digital weapons. The teams typically deploy post-exploitation tools like Cobalt Strike, BRC4, or similar.
+To evade security software, researchers usually write shellcode loaders, including evasion code to create the final implant. This process generally follows two methods.
+
+1. Offensive personnel provide the shellcode to researchers, who then directly produce the final implant. This method is highly inflexible as offensive personnel must contact researchers every time they need a final implant.
+
+2. Researchers create a binary implant template and provide a final implant generation program. Offensive personnel use this program to inject shellcode into the binary implant template, producing the final implant.
+
+The second method is the reason for the creation of PumpBin, a final implant generation program. Cybersecurity researchers only need to follow PumpBin's guidelines to write implant templates and distribute them along with PumpBin to offensive personnel. (There are very few guidelines as PumpBin is highly flexible.)
 ![](https://github.com/pumpbin/pumpbin/assets/120295547/549bbfa8-d8a4-44c6-89e1-3f24ef7897d2)