bypass-edr
There are 16 repositories under the bypass-edr topic.
0xsp-SRD/mortar
Evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR).
helviojunior/hookchain
HookChain: A new perspective for Bypassing EDR Solutions
HackerCalico/No_X_BOF
Loading BOF & ShellCode without executable permission memory.
VirtualAlllocEx/Payload-Download-Cradles
These are different types of download cradles, which should be an inspiration to play with and create new download cradles to bypass AV/EPP/EDR in the context of download cradle detections.
TunnelGRE/Percino
Evasive Golang Loader
HackerCalico/SkyShadow
Generate DLL Hijacking Payload in batches.
HackerCalico/RAT_Obfuscator
Magical obfuscator, supports obfuscating EXE, BOF, and ShellCode.
VirtualAlllocEx/Taskschedule-Persistence-Download-Cradles
Depending on the AV/EPP/EDR, creating a Taskschedule Job with a default cradle is often flagged.
Kara-4search/NewNtdllBypassInlineHook_CSharp
Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.
roadwy/SideloadFinder
Frida-based script which automates the process of discovering and exploiting DLL Hijacks in target binaries. The discovered binaries can later be weaponized during Red Team Operations to evade AV/EDRs.
xiosec/Terminator
PowerShell script to terminate protected processes such as anti-malware and EDRs.
0xflux/Rust-Hells-Gate
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust.
HackerCalico/SigLocator
Efficient RAT signature locator for bypassing AV/EDR, supporting static scanning and memory scanning.
ikermit/11Syscalls
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.
Kara-4search/HellgateLoader_CSharp
Load shellcode via HELLGATE; rewrite of hellgate with .NET Framework for learning purposes.
HackerCalico/ArpScan
ARP Scanner, a lightweight host-alive detection tool for OPSEC.