22 results found

Little user-mode AV/EDR evasion lab for training & learning purposes
Created 2023-11-12
88 commits to main branch, last one 2 months ago
94
626
bsd-3-clause
11
PoC Implementation of a fully dynamic call stack spoofer
Created 2022-12-04
7 commits to master branch, last one about a year ago
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Created 2023-04-30
1,148 commits to main branch, last one 5 months ago
.NET/PowerShell/VBA Offensive Security Obfuscator
This repository has been archived
Created 2022-08-10
25 commits to main branch, last one 4 months ago
46
329
gpl-3.0
7
Go shellcode loader that combines multiple evasion techniques
Created 2022-10-11
49 commits to main branch, last one about a year ago
34
321
other
5
Threadless Process Injection through entry point hijacking
Created 2023-05-29
37 commits to main branch, last one 8 months ago
C++ self-injecting dropper based on various EDR evasion techniques.
Created 2023-10-08
20 commits to main branch, last one 4 months ago
33
292
mit
6
indirect syscalls for AV/EDR evasion in Go assembly
Created 2023-04-07
68 commits to main branch, last one about a year ago
42
281
apache-2.0
5
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
Created 2023-01-05
13 commits to main branch, last one 6 months ago
29
270
mit
5
Call stack spoofing for Rust
Created 2022-11-21
38 commits to main branch, last one 20 days ago
23
267
mit
5
Apply a divide and conquer approach to bypass EDRs
Created 2023-02-19
14 commits to main branch, last one 8 months ago
These are different types of download cradles, intended as inspiration for playing with and creating new download cradles to bypass AV/EPP/EDR in the context of download cradle detections.
Created 2021-05-14
61 commits to main branch, last one about a year ago
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
Created 2023-05-23
10 commits to main branch, last one 5 months ago
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
Created 2023-04-14
17 commits to main branch, last one about a year ago
12
119
gpl-3.0
5
Your syscall factory
Created 2023-07-09
237 commits to main branch, last one about a month ago
13
106
apache-2.0
3
Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
Created 2023-07-13
11 commits to main branch, last one about a month ago
Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged
Created 2022-03-25
44 commits to main branch, last one about a year ago
Implementation of Indirect Syscall technique to pop a calc.exe
Created 2024-01-25
6 commits to main branch, last one 5 months ago
BadExclusionsNWBO is an evolution of BadExclusions to identify custom or undocumented folder exclusions on AV/EDR
Created 2023-07-10
19 commits to main branch, last one 4 months ago
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service p...
Created 2023-05-08
12 commits to main branch, last one about a year ago
Defense Evasion Techniques Repository. This repository contains a collection of techniques designed to bypass Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) systems.
Created 2024-01-28
90 commits to main branch, last one 4 days ago