25 results found Sort:

klezVirus
inceptor klezVirus
263
1.6k
other
35
Template-Driven AV/EDR Evasion Framework
dinvoke pinvoke red-team av-bypass pe-packer av-evasion edr-bypass amsi-bypass obfuscation red-teaming amsi-evasion av-edr-bypass code-injection payload-generator process-injection
Created 2021-08-02
58 commits to main branch, last one about a year ago
tkmru
awesome-edr-bypass tkmru
97
955
unknown
24
Awesome EDR Bypass Resources For Ethical Hacking
edr edr-bypass awesome-lists
Created 2023-04-19
19 commits to main branch, last one 22 days ago
NUL0x4C
AtomPePacker NUL0x4C
116
684
apache-2.0
21
A Highly capable Pe Packer
pe packer edr-bypass
Created 2022-10-12
16 commits to main branch, last one 2 years ago
VirtualAlllocEx
DEFCON-31-Syscalls-Workshop VirtualAlllocEx
93
636
unknown
10
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
syscalls workshop shellcode edr-bypass edr-evasion direct-syscalls antivirus-bypass malware-analysis shellcode-loader antivirus-evasion indirect-syscalls windows-internals malware-development malware-development-guide
Created 2023-04-30
1,148 commits to main branch, last one 10 months ago
georgesotiriadis
Chimera georgesotiriadis
55
458
mit
7
Automated DLL Sideloading Tool With EDR Evasion Capabilities
cpp python3 assembly edr-bypass dll-sideloading offensive-security
Created 2023-05-15
94 commits to main branch, last one 11 months ago
WesleyWong420
RedTeamOps-Havoc-101 WesleyWong420
47
355
unknown
6
Materials for the workshop "Red Team Ops: Havoc 101"
havoc opsec av-evasion edr-bypass red-team-ops active-directory process-injection
Created 2023-02-17
123 commits to main branch, last one about a month ago
f1zm0
acheron f1zm0
34
307
mit
6
indirect syscalls for AV/EDR evasion in Go assembly
go golang evasion assembly red-team av-evasion edr-bypass edr-evasion red-teaming malware-research offensive-security adversary-emulation
Created 2023-04-07
68 commits to main branch, last one about a year ago
thomasxm
BOAZ_beta thomasxm
53
268
gpl-3.0
18
Multilayered AV/EDR Evasion Framework
boaz red-ream av-bypass pe-packer av-evasion edr-bypass etw-bypass obfuscation red-teaming av-edr-bypass code-injection antivirus-evasion payload-generator process-injection red-teaming-tools
Created 2024-05-26
138 commits to main branch, last one 3 months ago
Offensive-Panda
RWX_MEMEORY_HUNT_AND_INJECTION_DV Offensive-Panda
47
247
mit
6
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
fud avbypass shellcode edr-bypass malware-development
Created 2024-05-24
6 commits to main branch, last one 6 months ago
VirtualAlllocEx
Create-Thread-Shellcode-Fetcher VirtualAlllocEx
51
245
unknown
8
This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)...
msfvenom edr-bypass bypass-antivirus shellcode-loader antivirus-evasion shellcode-injection
Created 2022-03-27
34 commits to main branch, last one about a year ago
V-i-x-x
AMSI-BYPASS V-i-x-x
40
204
unknown
5
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
av 0day malware pentest avbypass amsi-patch edr-bypass pentesting amsi-bypass amsi-evasion vulnerability
Created 2024-05-03
11 commits to main branch, last one about a month ago
fortra
hw-call-stack fortra
31
181
mit
5
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
syscalls edr-bypass stack-spoofing
Created 2023-03-03
4 commits to main branch, last one 6 months ago
dobin
antnium dobin
40
173
unknown
5
A C2 framework for initial access in Go
c2 rat edr-bypass remote-access initial-access
Created 2021-07-16
345 commits to master branch, last one 2 years ago
VirtualAlllocEx
Direct-Syscalls-vs-Indirect-Syscalls VirtualAlllocEx
22
165
unknown
5
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
av-bypass av-evasion edr-bypass edr-evasion windows-int direct-syscalls shellcode-loader indirect-syscalls
Created 2023-05-23
10 commits to main branch, last one 10 months ago
mrexodia
lolbin-poc mrexodia
15
133
unknown
4
Small PoC of using a Microsoft signed executable as a lolbin.
poc windbg malware redteam edr-bypass redteaming redteam-tools windbg-extension
Created 2023-02-27
2 commits to main branch, last one about a year ago
VirtualAlllocEx
Direct-Syscalls-A-journey-from-high-to-low VirtualAlllocEx
21
129
unknown
3
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
av-bypass av-evasion edr-bypass edr-evasion direct-syscalls
Created 2023-04-14
17 commits to main branch, last one about a year ago
njcve
inflate.py njcve
15
118
unknown
1
Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
antivirus av-bypass bugbounty av-evasion edr-bypass evasion-attack antivirus-evasion endpoint-security
Created 2022-04-08
5 commits to main branch, last one 2 years ago
oldkingcone
BYOSI oldkingcone
8
55
mit
1
Evade EDR's the simple way, by not touching any of the API's they hook.
php redteam edr-bypass powershell edr-evasion
Created 2024-04-28
17 commits to main branch, last one 4 months ago
0mWindyBug
MinifilterHook 0mWindyBug
11
52
unknown
3
silence file system monitoring components by hooking their minifilters
driver kernel hooking windows edr-bypass minifilter
Created 2023-10-30
44 commits to main branch, last one 10 months ago
VirtualAlllocEx
DSC_SVC_REMOTE VirtualAlllocEx
10
50
unknown
2
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service p...
av-bypass av-evasion edr-bypass edr-evasion direct-syscalls
Created 2023-05-08
12 commits to main branch, last one about a year ago
roadwy
SideloadFinder roadwy
6
50
apache-2.0
4
frida based script which automates the process of discovering and exploiting DLL Hijacks in target binaries. The discovered binaries can later be weaponized during Red Team Operations to evade AV/EDR'...
redteam bypass-edr edr-bypass dll-hijacking dll-sideloading bypass-antivirus
Created 2023-03-23
4 commits to main branch, last one about a year ago
itaymigdal
PichichiH0ll0wer itaymigdal
11
47
mit
4
Nim process hollowing loader
runpe loader red-team syscalls pe-loader edr-bypass edr-evasion red-team-tools payload-injector payload-generator process-hollowing process-injection penetration-testing penetration-testing-tools
Created 2023-04-15
123 commits to main branch, last one 4 months ago
coleak2021
hidedump coleak2021
5
42
unknown
1
Hidedump:a lsassdump tools that may bypass EDR
c windows bypass-av edr-bypass lsass-dump
Created 2024-05-23
3 commits to main branch, last one 6 months ago
Adkali
PowerJoker Adkali
8
35
mit
3
PowerJoker is a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.
evade joker linux power github execute methods python3 execution edr-bypass powershell windows-10 windows-11 obfuscation reverse-shell obfuscate-strings offensive-security python-reverse-shell windows-reverse-shell powershell-reverse-shell
Created 2023-03-17
30 commits to main branch, last one 7 months ago
Chainski
PandaLoader Chainski
6
33
mit
1
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.
crypter evasion malware redteam pe-loader shellcode edr-bypass etw-bypass powershell etw-evasion obfuscation persistence xor-encryption bypass-antivirus shellcode-loader payload-generator shellcode-encoder
Created 2024-08-16
27 commits to main branch, last one 3 months ago