Kraken Crypter v5 (Native/Turbo)
Updated May 31, 2024
Repository to publish your evasion techniques and contribute to the project
Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes. Coded in your beloved golang!
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
Carbon Crypter / Packer
Mostly malicious or abusable powershell I've written
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Custom binary file packer/encoder with integrated decoder stub. A pentest-tool for modern EDR evasion.
Red Teaming Tactics and Techniques
Evade EDRs the simple way, by not touching any of the APIs they hook.
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
NTAPI hook bypass with (semi) legit stack trace
Indirect Syscall invocation via thread hijacking
Shellcode execution via x86 inline assembly based on MSVC syntax
A (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.
PoC arbitrary WPM without a process handle
This POC provides the possibility to execute x86 shellcode in the form of a .bin file based on x86 inline assembly
Hidedump: an lsassdump tool that may bypass EDR
Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"