27 results found

AV/EDR Evasion Lab for Training & Learning Purposes
Created 2023-11-12
114 commits to main branch, last one 14 days ago
96
734
bsd-3-clause
12
PoC Implementation of a fully dynamic call stack spoofer
Created 2022-12-04
8 commits to master branch, last one 6 months ago
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Created 2023-04-30
1,148 commits to main branch, last one about a year ago
.NET/PowerShell/VBA Offensive Security Obfuscator
This repository has been archived
Created 2022-08-10
25 commits to main branch, last one about a year ago
C++ self-Injecting dropper based on various EDR evasion techniques.
Created 2023-10-08
20 commits to main branch, last one 11 months ago
46
361
gpl-3.0
8
Go shellcode loader that combines multiple evasion techniques
Created 2022-10-11
49 commits to main branch, last one about a year ago
34
339
other
5
Threadless Process Injection through entry point hijacking
Created 2023-05-29
38 commits to main branch, last one 4 months ago
38
320
mit
6
indirect syscalls for AV/EDR evasion in Go assembly
Created 2023-04-07
68 commits to main branch, last one about a year ago
35
309
mit
6
Call stack spoofing for Rust
Created 2022-11-21
40 commits to main branch, last one 5 months ago
47
307
apache-2.0
5
Pure-Python implementation of the MemoryModule technique to load DLLs and unmanaged EXEs entirely from memory
Created 2023-01-05
13 commits to main branch, last one about a year ago
27
278
mit
5
Apply a divide and conquer approach to bypass EDRs
Created 2023-02-19
14 commits to main branch, last one about a year ago
These are different types of download cradles, intended as inspiration to experiment with and create new download cradles that bypass AV/EPP/EDR download-cradle detections.
Created 2021-05-14
61 commits to main branch, last one 2 years ago
43
191
apache-2.0
6
Generic PE loader for fast prototyping evasion techniques
Created 2024-06-30
4 commits to main branch, last one 7 months ago
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
Created 2023-05-23
10 commits to main branch, last one about a year ago
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
Created 2023-04-14
17 commits to main branch, last one about a year ago
12
122
gpl-3.0
5
Your syscall factory
Created 2023-07-09
245 commits to main branch, last one 4 months ago
13
115
apache-2.0
4
Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
Created 2023-07-13
11 commits to main branch, last one 8 months ago
Implementation of Indirect Syscall technique to pop a calc.exe
Created 2024-01-25
6 commits to main branch, last one about a year ago
This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those dedica...
Created 2024-01-28
246 commits to main branch, last one 12 days ago
Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged
Created 2022-03-25
44 commits to main branch, last one 2 years ago
Evade EDRs the simple way, by not touching any of the APIs they hook.
Created 2024-04-28
18 commits to main branch, last one 4 days ago
15
77
unknown
3
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
Created 2024-12-15
1 commit to main branch, last one about a month ago
BadExclusionsNWBO is an evolution of BadExclusions to identify custom or undocumented folder exclusions on AV/EDR
Created 2023-07-10
19 commits to main branch, last one 12 months ago
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service p...
Created 2023-05-08
12 commits to main branch, last one about a year ago
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Created 2024-05-18
29 commits to master branch, last one 8 months ago
Repository of scripts from my blog post on bypassing the YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.
Created 2024-10-16
6 commits to main branch, last one 3 months ago