Repository to publish your evasion techniques and contribute to the project
Updated Sep 30, 2023 - C++
Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes. Coded in your beloved golang!
Red Teaming Tactics and Techniques
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and the ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
Evade EDRs the simple way, by not touching any of the APIs they hook.
Carbon Crypter / Packer
Custom binary file packer/encoder with integrated decoder stub. A pentest-tool for modern EDR evasion.
Kraken Crypter v5 (Native/Turbo)
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
NTAPI hook bypass with (semi) legit stack trace
Mostly malicious or abusable powershell I've written
A (WIP) EDR evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.
PoC arbitrary WPM without a process handle
Indirect Syscall invocation via thread hijacking
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
Shellcode execution via x86 inline assembly based on MSVC syntax
Hidedump: an lsassdump tool that may bypass EDR
Frida-based script which automates the process of discovering and exploiting DLL hijacks in target binaries. The discovered binaries can later be weaponized during Red Team operations to evade AV/EDRs.
PowerJoker is a dynamic PowerShell reverse-shell generator; unique payloads with different results on each execution.