av-bypass
There are 43 repositories under av-bypass topic.
ayoubfaouzi/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
klezVirus/inceptor
Template-Driven AV/EDR Evasion Framework
hlldz/SpookFlare
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
alphaSeclab/anti-av
Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 1300+ posts
yutianqaq/AVEvasionCraftOnline
An online AV evasion platform written in Springboot (Golang, Nim, C) supports embedded, local and remote loading of Shellocde methods.
thomasxm/BOAZ_beta
Multilayered AV/EDR Evasion Framework
SubGlitch1/OSRipper
AV evading OSX Backdoor and Crypter Framework
Cipher7/ChaiLdr
AV bypass while you sip your Chai!
VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
njcve/inflate.py
Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
Cipher7/ApexLdr
ApexLdr is a DLL Payload Loader written in C
Sn1r/Nim-Reverse-Shell
A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for educational purposes only.
VirtualAlllocEx/DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
1captainnemo1/DLLREVERSESHELL
A CUSTOM CODED FUD DLL, CODED IN C , WHEN LOADED , VIA A DECOY WEB-DELIVERY MODULE( FIRING A DECOY PROGRAM), WILL GIVE A REVERSE SHELL (POWERSHELL) FROM THE VICTIM MACHINE TO THE ATTACKER CONSOLE , OVER LAN AND WAN.
1captainnemo1/PersistentCReverseShell
A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.
malwarekid/Inject-EXE
The provided Python program, Inject-EXE.py, allows you to combine a malicious executable with a legitimate executable, producing a single output executable. This output executable will contain both the malicious and legitimate executables.
Enelg52/Backpack
Golang packer that use process hollowing
VirtualAlllocEx/Create_Thread_Inline_Assembly_x86
This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly
Souhardya/IMProtector
Old 32 bit PE executable protector / crypter
x0reaxeax/SyscallHookBypass
NTAPI hook bypass with (semi) legit stack trace
VirtualAlllocEx/Shell-we-Assembly
Shellcode execution via x86 inline assembly based on MSVC syntax
x0reaxeax/KillHandles
Closes handles of a remote process in attempt to crash it
v-lavrentikov/obfuscator
Binary obfuscation, anti-reversing, anti-debugging and av-bypass framework for Windows
Lucas310302/Coin-Nest
XMR Miner Malware
Vasco0x4/ShellLoader_Hub
Shellcode Loader Library.
VirtualAlllocEx/Create_Thread-Inline_Assembly_x86_Fibers
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
bobby-tablez/Heuristic-Confuser
Sandbox/Heuristic PowerShell Bypass
shaddy43/XOR_Shellcode_Encryptor
This repository contains xor shellcode encryptor that is used to bypass static or signature based detection of malicious shellcodes for Process Injection exploits
mauricelambert/ReverseShell
This package implements an advanced reverse shell console (supports: TCP, UDP, IRC, HTTP and DNS).
ByteCorum/Py-Shield
Tool/Library for Python used to obfuscate and protect your code from decompilation, reverse debug, etc. Also, can prevent detection by antiviruses.
OlivierLaflamme/custom_binary_for_reverseshell
custom binary reverseshell in C#
24greyhat/Hips
Hidden in plain sight! simple yet effective covert way to obfuscate data (e.g., shellcode), no one will tell gibberish from malicious!
EvilBytecode/veh-syscalls-shellcode
dm @codepulze1 on discord or codepulze on telegram to buy VEH syscalls, ssn resolving, 4/21. read readme.md
natekali/Pazuzu-Locker
π«π’π΅π±-π€π’π« π π―πΆππ±π¬ π©π¬π π¨π’π― - π«π¬π± π£π¬π― π¦π©π©π’π€ππ© ππ²π―ππ¬π°π’
VBV11/WinRM-Reverse-Shell
WinRM Reverse Shell Using Powershell.