av-evasion
There are 82 repositories under the av-evasion topic.
bytecode77/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
klezVirus/inceptor
Template-Driven AV/EDR Evasion Framework
TryCatchHCF/Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
swagkarna/Defeat-Defender-V1.2.0
Powerful batch script to dismantle complete Windows Defender protection and even bypass tamper protection. Disable Windows Defender permanently. Hack Windows. POC
Ch0pin/AVIator
Antivirus evasion project
hlldz/SpookFlare
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
lengjibo/FourEye
AV Evasion Tool For Red Team Ops
klezVirus/SilentMoonwalk
PoC Implementation of a fully dynamic call stack spoofer
bytecode77/pe-union
Crypter, binder & downloader with native & .NET stub, evasive by design, user friendly UI
GetRektBoy724/SharpUnhooker
C# Based Universal API Unhooker
f1zm0/hades
Go shellcode loader that combines multiple evasion techniques
WesleyWong420/RedTeamOps-Havoc-101
Materials for the workshop "Red Team Ops: Havoc 101"
pard0p/CallstackSpoofingPOC
C++ self-injecting dropper based on various EDR evasion techniques.
D3Ext/maldev
Golang library for malware development
f1zm0/acheron
indirect syscalls for AV/EDR evasion in Go assembly
yutianqaq/AVEvasionCraftOnline
An online AV evasion platform written in Spring Boot (Golang, Nim, C) that supports embedded, local and remote shellcode loading methods.
thomasxm/BOAZ_beta
Multilayered AV/EDR Evasion Framework
AdvDebug/AntiCrack-DotNet
C# project that contains plenty of advanced anti-debugging, anti-virtualization, anti-DLL-injection and anti-hooking techniques.
GetRektBoy724/MeterPwrShell
Automated Tool That Generates The Perfect Meterpreter Powershell Payload
GetRektBoy724/BetterXencrypt
A better version of Xencrypt. Xencrypt itself is a PowerShell runtime crypter designed to evade AVs.
Cipher7/ChaiLdr
AV bypass while you sip your Chai!
VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
njcve/inflate.py
Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
yutianqaq/BypassAV-Online
An online AV evasion platform written in Spring Boot (Golang, Nim, C) that supports inline, local and remote shellcode loading methods.
Cipher7/ApexLdr
ApexLdr is a DLL Payload Loader written in C
Sn1r/Nim-Reverse-Shell
A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for educational purposes only.
loadenmb/tvasion
:performing_arts: Antivirus evasion based on file signature change via AES encryption, with PowerShell and C# AV evasion templates that support executable and PowerShell payloads with Windows executable, PowerShell or batch output. Developed with PowerShell on Linux for Windows targets :)
n1nj4sec/pymemimporter
Import .pyd modules or execute a PE entirely from memory using only pure Python code and some shellcode tricks.
Chainski/AES-Encoder
PowerShell Obfuscator. A PowerShell script anti-virus evasion tool
AdvDebug/MineRootkit
PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.
GetRektBoy724/TripleS
Extracting Syscall Stub, Modernized
tid4l/TallGrass
An AV exclusion enumeration tool written in Python.
padovah4ck/RedSharp
Penetration Test / Red Team - C# tools repository
VirtualAlllocEx/DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
JoelGMSec/Darkbyte
Repository of tools used in my blog