av-evasion

There are 67 repositories under the av-evasion topic.

  • bytecode77/r77-rootkit

    Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

    Language: C
  • klezVirus/inceptor

    Template-Driven AV/EDR Evasion Framework

    Language: Assembly
  • TryCatchHCF/Cloakify

    CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

    Language: Python
  • swagkarna/Defeat-Defender-V1.2.0

    Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC

    Language: Batchfile
  • Ch0pin/AVIator

    Antivirus evasion project

    Language: C#
  • hlldz/SpookFlare

    Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

    Language: Python
  • lengjibo/FourEye

    AV Evasion Tool For Red Team Ops

    Language: C
  • klezVirus/SilentMoonwalk

    PoC Implementation of a fully dynamic call stack spoofer

    Language: C++
  • bytecode77/pe-union

    Crypter, binder & downloader with native & .NET stub, evasive by design, user friendly UI

    Language: C#
  • GetRektBoy724/SharpUnhooker

    C# Based Universal API Unhooker

    Language: C#
  • f1zm0/hades

    Go shellcode loader that combines multiple evasion techniques

    Language: Go
  • WesleyWong420/RedTeamOps-Havoc-101

    Materials for the workshop "Red Team Ops: Havoc 101"

    Language: C#
  • pard0p/CallstackSpoofingPOC

    C++ self-Injecting dropper based on various EDR evasion techniques.

    Language: C
  • D3Ext/maldev

    Golang library for malware development

    Language: Go
  • f1zm0/acheron

    indirect syscalls for AV/EDR evasion in Go assembly

    Language: Assembly
  • GetRektBoy724/MeterPwrShell

    Automated Tool That Generates The Perfect Meterpreter Powershell Payload

  • yutianqaq/AVEvasionCraftOnline

    An online AV evasion platform written in Springboot (Golang, Nim, C) supports embedded, local and remote loading of Shellcode methods.

    Language: Go
  • GetRektBoy724/BetterXencrypt

    A better version of Xencrypt. Xencrypt itself is a Powershell runtime crypter designed to evade AVs.

    Language: PowerShell
  • AdvDebug/AntiCrack-DotNet

    C# Project contains plenty of Advanced Anti-Debugging, Anti-Virtualization, Anti Dll-Injection and Anti-Hooking Techniques.

    Language: C#
  • Cipher7/ChaiLdr

    AV bypass while you sip your Chai!

    Language: C
  • VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls

    The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

    Language: C
  • VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low

    Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

    Language: C
  • njcve/inflate.py

    Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.

    Language: Python
  • yutianqaq/BypassAV-Online

    An online AV evasion platform written in Springboot (Golang, Nim, C) supports inline, local and remote loading of Shellcode methods.

    Language: Java
  • loadenmb/tvasion

    Anti virus evasion based on file signature change via AES encryption with Powershell and C# AV evasion templates which support executable and Powershell payloads with Windows executable, Powershell or batch output. Developed with Powershell on Linux for Windows targets :)

    Language: PowerShell
  • n1nj4sec/pymemimporter

    import pyd or execute PE all from memory using only pure python code and some shellcode tricks

    Language: Python
  • AdvDebug/MineRootkit

    PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.

    Language: C#
  • GetRektBoy724/TripleS

    Extracting Syscall Stub, Modernized

    Language: C#
  • Sn1r/Nim-Reverse-Shell

    A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for educational purposes only.

    Language: Nim
  • tid4l/TallGrass

    An AV exclusion enumeration tool written in Python.

    Language: Python
  • padovah4ck/RedSharp

    Penetration Test / Red Team - C# tools repository

    Language: C#
  • JoelGMSec/Darkbyte

    Repository of tools used in my blog

    Language: C
  • Chainski/AES-Encoder

    PowerShell Obfuscator. A PowerShell script anti-virus evasion tool

    Language: PowerShell
  • VirtualAlllocEx/DSC_SVC_REMOTE

    This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

    Language: C
  • hackerOrionX/ORIONX-FUD-CRYPTER

    The only FREE and 100% FUD crypter that will still FUD, work on Windows. Powerful obfuscator to bypass Anti-Viruses detection.

    Language: Tcl
  • Enelg52/Gofrette

    Gofrette is a reverse shell payload developed in Golang that bypasses Windows defender and many other anti-virus.

    Language: Go