Pinned Repositories
Awesome-AV-EDR-XDR-Bypass
Awesome AV/EDR/XDR Bypass Tips
Awesome-CobaltStrike
List of Awesome CobaltStrike Resources
awesome-edr-bypass
Awesome EDR Bypass Resources For Ethical Hacking
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
Dirty-Vanity
A POC for the new injection technique, abusing Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
EDR-Bypass-demo
Some demos to bypass EDRs or AVs by 78itsT3@m
NtdllUnpatcher
Example code for EDR bypassing
process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
8DarkBit's Repositories
8DarkBit/Awesome-Red-Teaming
List of Awesome Red Teaming Resources
8DarkBit/awesome-edr-bypass
Awesome EDR Bypass Resources For Ethical Hacking
8DarkBit/Awesome-CobaltStrike
List of Awesome CobaltStrike Resources
8DarkBit/BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
8DarkBit/Awesome-AV-EDR-XDR-Bypass
Awesome AV/EDR/XDR Bypass Tips
8DarkBit/Dirty-Vanity
A POC for the new injection technique, abusing Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
8DarkBit/process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
8DarkBit/EDR-Bypass-demo
Some demos to bypass EDRs or AVs by 78itsT3@m
8DarkBit/RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
8DarkBit/NtdllUnpatcher
Example code for EDR bypassing