31 results found Sort:

klezVirus
inceptor klezVirus
270
1.7k
other
36
Template-Driven AV/EDR Evasion Framework
dinvoke pinvoke red-team av-bypass pe-packer av-evasion edr-bypass amsi-bypass obfuscation red-teaming amsi-evasion av-edr-bypass code-injection payload-generator process-injection
Created 2021-08-02
58 commits to main branch, last one about a year ago
tkmru
awesome-edr-bypass tkmru
119
1.2k
unknown
29
Awesome EDR Bypass Resources For Ethical Hacking
edr redteam edr-bypass redteaming awesome-lists
Created 2023-04-19
22 commits to main branch, last one 2 months ago
NUL0x4C
AtomPePacker NUL0x4C
119
698
apache-2.0
21
A Highly capable Pe Packer
pe packer edr-bypass
Created 2022-10-12
16 commits to main branch, last one 2 years ago
VirtualAlllocEx
DEFCON-31-Syscalls-Workshop VirtualAlllocEx
95
656
unknown
11
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
syscalls workshop shellcode edr-bypass edr-evasion direct-syscalls antivirus-bypass malware-analysis shellcode-loader antivirus-evasion indirect-syscalls windows-internals malware-development malware-development-guide
Created 2023-04-30
1,148 commits to main branch, last one about a year ago
thomasxm
BOAZ_beta thomasxm
104
621
gpl-3.0
26
Multilayered AV/EDR Evasion Framework
boaz red-ream av-bypass pe-packer av-evasion edr-bypass etw-bypass obfuscation red-teaming av-edr-bypass code-injection antivirus-evasion payload-generator process-injection red-teaming-tools
Created 2024-05-26
166 commits to main branch, last one a day ago
georgesotiriadis
Chimera georgesotiriadis
56
469
mit
7
Automated DLL Sideloading Tool With EDR Evasion Capabilities
cpp python3 assembly edr-bypass dll-sideloading offensive-security
Created 2023-05-15
94 commits to main branch, last one about a year ago
WesleyWong420
RedTeamOps-Havoc-101 WesleyWong420
50
373
unknown
6
Materials for the workshop "Red Team Ops: Havoc 101"
havoc opsec av-evasion edr-bypass red-team-ops active-directory process-injection
Created 2023-02-17
123 commits to main branch, last one 6 months ago
f1zm0
acheron f1zm0
39
326
mit
6
indirect syscalls for AV/EDR evasion in Go assembly
go golang evasion assembly red-team av-evasion edr-bypass edr-evasion red-teaming malware-research offensive-security adversary-emulation
Created 2023-04-07
68 commits to main branch, last one 2 years ago
Offensive-Panda
RWX_MEMEORY_HUNT_AND_INJECTION_DV Offensive-Panda
47
283
mit
6
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
fud avbypass shellcode edr-bypass malware-development
Created 2024-05-24
6 commits to main branch, last one 11 months ago
V-i-x-x
AMSI-BYPASS V-i-x-x
47
272
unknown
5
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
av 0day malware pentest avbypass amsi-patch edr-bypass pentesting amsi-bypass amsi-evasion vulnerability
Created 2024-05-03
24 commits to main branch, last one 15 days ago
VirtualAlllocEx
Create-Thread-Shellcode-Fetcher VirtualAlllocEx
51
246
unknown
9
This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)...
msfvenom edr-bypass bypass-antivirus shellcode-loader antivirus-evasion shellcode-injection
Created 2022-03-27
34 commits to main branch, last one about a year ago
fortra
hw-call-stack fortra
28
195
mit
5
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
syscalls edr-bypass stack-spoofing
Created 2023-03-03
4 commits to main branch, last one 10 months ago
VirtualAlllocEx
Direct-Syscalls-vs-Indirect-Syscalls VirtualAlllocEx
24
186
unknown
5
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
av-bypass av-evasion edr-bypass edr-evasion windows-int direct-syscalls shellcode-loader indirect-syscalls
Created 2023-05-23
10 commits to main branch, last one about a year ago
dobin
antnium dobin
39
180
unknown
6
A C2 framework for initial access in Go
c2 rat edr-bypass remote-access initial-access
Created 2021-07-16
345 commits to master branch, last one 2 years ago
V-i-x-x
kernel-callback-removal V-i-x-x
31
161
unknown
3
kernel callback removal (Bypassing EDR Detections)
edr kernel edr-bypass edr-evasion
Created 2025-03-18
24 commits to main branch, last one about a month ago
mrexodia
lolbin-poc mrexodia
16
137
unknown
4
Small PoC of using a Microsoft signed executable as a lolbin.
poc windbg malware redteam edr-bypass redteaming redteam-tools windbg-extension
Created 2023-02-27
2 commits to main branch, last one 2 years ago
VirtualAlllocEx
Direct-Syscalls-A-journey-from-high-to-low VirtualAlllocEx
23
133
unknown
4
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
av-bypass av-evasion edr-bypass edr-evasion direct-syscalls
Created 2023-04-14
17 commits to main branch, last one about a year ago
njcve
inflate.py njcve
15
120
unknown
1
Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
antivirus av-bypass bugbounty av-evasion edr-bypass evasion-attack antivirus-evasion endpoint-security
Created 2022-04-08
5 commits to main branch, last one 3 years ago
voidvxvt
HellBunny voidvxvt
20
104
unknown
3
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
dll msvc ntapi maldev windows edr-bypass native-api api-hashing edr-evasion iat-camouflage direct-syscalls dll-sideloading shellcode-loader indirect-syscalls process-injection payload-encryption malware-development shellcode-injection
Created 2024-12-15
1 commits to main branch, last one 4 months ago
oldkingcone
BYOSI oldkingcone
14
100
mit
1
Evade EDR's the simple way, by not touching any of the API's they hook.
php redteam edr-bypass powershell edr-evasion
Created 2024-04-28
18 commits to main branch, last one 2 months ago
itaymigdal
PichichiH0ll0wer itaymigdal
12
57
mit
4
Nim process hollowing loader
runpe loader red-team syscalls pe-loader edr-bypass edr-evasion red-team-tools payload-injector payload-generator process-hollowing process-injection penetration-testing penetration-testing-tools
Created 2023-04-15
123 commits to main branch, last one 8 months ago
0mWindyBug
MinifilterHook 0mWindyBug
13
56
unknown
4
silence file system monitoring components by hooking their minifilters
driver kernel hooking windows edr-bypass minifilter
Created 2023-10-30
44 commits to main branch, last one about a year ago
Adkali
PowerJoker Adkali
10
51
mit
4
PowerJoker is a Python program which generate a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.
evade joker linux power github execute methods python3 execution edr-bypass powershell windows-10 windows-11 obfuscation reverse-shell obfuscate-strings offensive-security python-reverse-shell windows-reverse-shell powershell-reverse-shell
Created 2023-03-17
35 commits to main branch, last one 3 months ago
VirtualAlllocEx
DSC_SVC_REMOTE VirtualAlllocEx
11
51
unknown
3
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service p...
av-bypass av-evasion edr-bypass edr-evasion direct-syscalls
Created 2023-05-08
12 commits to main branch, last one about a year ago
roadwy
SideloadFinder roadwy
6
51
apache-2.0
4
frida based script which automates the process of discovering and exploiting DLL Hijacks in target binaries. The discovered binaries can later be weaponized during Red Team Operations to evade AV/EDR'...
redteam bypass-edr edr-bypass dll-hijacking dll-sideloading bypass-antivirus
Created 2023-03-23
4 commits to main branch, last one 2 years ago
coleak2021
hidedump coleak2021
6
50
unknown
1
Hidedump:a lsassdump tools that may bypass EDR
c windows bypass-av edr-bypass lsass-dump
Created 2024-05-23
3 commits to main branch, last one 11 months ago
Chainski
PandaLoader Chainski
7
48
mit
1
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.
crypter evasion malware redteam pe-loader shellcode edr-bypass etw-bypass powershell etw-evasion obfuscation persistence xor-encryption bypass-antivirus shellcode-loader payload-generator shellcode-encoder
Created 2024-08-16
29 commits to main branch, last one a day ago
0xflux
Rust-Hells-Gate 0xflux
6
45
unknown
1
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
rust malware pentest redteam hellsgate rust-lang bypass-edr edr-bypass hells-gate pentesting redteaming edr-evasion pentest-tool redteam-tools antivirus-bypass bypass-antivirus malware-research antivirus-evasion offensive-security
Created 2024-05-18
29 commits to master branch, last one 10 months ago
WafflesExploits
CobaltStrike-YARA-Bypass-f0b627fc WafflesExploits
7
37
apache-2.0
1
Repository of scripts from my blog post on bypassing the YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.
python edr-bypass yara-rules edr-evasion cobalt-strike automatization
Created 2024-10-16
6 commits to main branch, last one 6 months ago
k3lpi3b4nsh33
BlindEdr k3lpi3b4nsh33
10
32
apache-2.0
2
A Blind EDR Project for Educational Purposes
driver malware edr-bypass edr-evasion
Created 2025-01-07
12 commits to master branch, last one 3 months ago