Reproducing Spyboy technique to terminate all EDR/XDR/AV processes, coded in your beloved Golang! (Updated Jun 5, 2024 - Go)
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Kraken Crypter v5 (Native/Turbo)
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
Hidedump: an lsassdump tool that may bypass EDR
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Evade EDRs the simple way, by not touching any of the APIs they hook.
Nim process hollowing loader
PowerJoker is a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.
Mostly malicious or abusable PowerShell I've written
Silence file system monitoring components by hooking their minifilters
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and the ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Automated DLL Sideloading Tool With EDR Evasion Capabilities
Custom binary file packer/encoder with integrated decoder stub. A pentest-tool for modern EDR evasion.
Template-Driven AV/EDR Evasion Framework
Repository to publish your evasion techniques and contribute to the project