GitHub topics: av-evasion
thomasxm/BOAZ_beta
Multilayered AV/EDR Evasion Framework
Language: C++ - Size: 85.6 MB - Last synced at: 1 day ago - Pushed at: 2 days ago - Stars: 617 - Forks: 102

VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
Language: C - Size: 24.4 KB - Last synced at: about 9 hours ago - Pushed at: about 1 year ago - Stars: 185 - Forks: 24

VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
Language: C - Size: 592 KB - Last synced at: about 9 hours ago - Pushed at: almost 2 years ago - Stars: 133 - Forks: 23

klezVirus/SilentMoonwalk
PoC Implementation of a fully dynamic call stack spoofer
Language: C++ - Size: 292 KB - Last synced at: 8 days ago - Pushed at: 9 months ago - Stars: 758 - Forks: 99

CroodSolutions/AutoPwnKey
AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. It is our hope that this tool will be useful to red teams over the short term, while over the long term help AV/EDR vendors improve how they handle AHK scripts.
Language: AutoHotkey - Size: 1.28 MB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 25 - Forks: 5

bytecode77/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Language: C - Size: 5.08 MB - Last synced at: 9 days ago - Pushed at: 26 days ago - Stars: 1,877 - Forks: 426

truelockmc/Discord-RAT
A Discord Remote Administration Tool. Easy to use, undetected and powerful.
Language: Python - Size: 21.3 MB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 7 - Forks: 1

bytecode77/pe-union
Crypter, binder & downloader with native & .NET stub, evasive by design, user friendly UI
Language: Assembly - Size: 5.67 MB - Last synced at: 6 days ago - Pushed at: 5 months ago - Stars: 679 - Forks: 149

Ch0pin/AVIator
Antivirus evasion project
Language: C# - Size: 3.12 MB - Last synced at: 6 days ago - Pushed at: 3 months ago - Stars: 1,095 - Forks: 226

EvilBytecode/EByte-VBS-Obfuscator-Go
VBS-Obfuscator-GO is a Go-based tool designed for obfuscating VBScript (VBS) files. It transforms readable VBScript code into a less recognizable form by employing random variable names and encoding character values using mathematical operations. This helps protect scripts from casual inspection and modification.
Language: Go - Size: 7.81 KB - Last synced at: 1 day ago - Pushed at: 8 months ago - Stars: 35 - Forks: 5

WesleyWong420/RedTeamOps-Havoc-101
Materials for the workshop "Red Team Ops: Havoc 101"
Language: C# - Size: 22.9 MB - Last synced at: 9 days ago - Pushed at: 7 months ago - Stars: 371 - Forks: 50

klezVirus/inceptor
Template-Driven AV/EDR Evasion Framework
Language: Assembly - Size: 19.9 MB - Last synced at: 13 days ago - Pushed at: over 1 year ago - Stars: 1,658 - Forks: 271

N3M3S1Spy/InjectionLab
InjectionLab is an educational toolkit showcasing various Windows code injection techniques. It provides well-documented examples for security researchers and defenders to explore process injection, memory manipulation, and detection strategies.
Language: C++ - Size: 66.4 KB - Last synced at: 11 days ago - Pushed at: 14 days ago - Stars: 0 - Forks: 0

n1nj4sec/pymemimporter
import pyd or execute PE all from memory using only pure python code and some shellcode tricks
Language: Python - Size: 256 KB - Last synced at: 6 days ago - Pushed at: about 8 years ago - Stars: 74 - Forks: 15

Chainski/AES-Encoder
PowerShell Obfuscator. A PowerShell script anti-virus evasion tool
Language: PowerShell - Size: 108 KB - Last synced at: 11 days ago - Pushed at: 5 months ago - Stars: 71 - Forks: 19

f1zm0/acheron
indirect syscalls for AV/EDR evasion in Go assembly
Language: Assembly - Size: 332 KB - Last synced at: 15 days ago - Pushed at: almost 2 years ago - Stars: 325 - Forks: 38

yutianqaq/BypassAV-Online
An online AV evasion platform written in Springboot (Golang, Nim, C) that supports inline, local and remote loading of shellcode.
Language: Java - Size: 10.6 MB - Last synced at: 11 days ago - Pushed at: about 1 year ago - Stars: 118 - Forks: 11

yutianqaq/AVEvasionCraftOnline
An online AV evasion platform written in Springboot (Golang, Nim, C) that supports embedded, local and remote loading of shellcode.
Language: Go - Size: 1.82 MB - Last synced at: 14 days ago - Pushed at: 12 months ago - Stars: 326 - Forks: 51

TryCatchHCF/Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Language: Python - Size: 17.9 MB - Last synced at: 22 days ago - Pushed at: over 4 years ago - Stars: 1,590 - Forks: 233

D3Ext/maldev
Golang library for malware development
Language: Go - Size: 1.64 MB - Last synced at: 12 days ago - Pushed at: 5 months ago - Stars: 348 - Forks: 32

JenarGithub76/payload-obfuscator
A Python-based tool for studying and practicing Windows PE binary obfuscation techniques.
Size: 1000 Bytes - Last synced at: 25 days ago - Pushed at: 25 days ago - Stars: 3 - Forks: 0

lengjibo/FourEye
AV Evasion Tool For Red Team Ops
Language: C - Size: 2.34 MB - Last synced at: 16 days ago - Pushed at: over 3 years ago - Stars: 757 - Forks: 153

f1zm0/hades
Go shellcode loader that combines multiple evasion techniques
Language: Go - Size: 2.12 MB - Last synced at: 15 days ago - Pushed at: almost 2 years ago - Stars: 364 - Forks: 46

swagkarna/Defeat-Defender-V1.2.0
Powerful batch script to dismantle complete Windows Defender protection and even bypass tamper protection. Disables Windows Defender permanently. POC.
Language: Batchfile - Size: 18.4 MB - Last synced at: 27 days ago - Pushed at: over 1 year ago - Stars: 1,529 - Forks: 311

EvilBytecode/veh-syscalls-shellcode
dm @codepulze1 on discord or codepulze on telegram to buy VEH syscalls, ssn resolving, 4/21. read readme.md
Size: 4.88 KB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 2 - Forks: 1

EvilBytecode/EByte-Shellcode-Loader
Shellcode loader that uses indirect syscalls, written in D. The loader bypasses user-mode hooks by resolving system calls manually from NTDLL using a hash-based method.
Language: D - Size: 142 KB - Last synced at: 6 days ago - Pushed at: 7 months ago - Stars: 9 - Forks: 1

EvilBytecode/Nyx-Full-Dll-Unhook
(EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
Language: Go - Size: 36.1 KB - Last synced at: 1 day ago - Pushed at: 9 months ago - Stars: 19 - Forks: 3

EvilBytecode/ETW-Patch
The code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).
Language: Go - Size: 4.88 KB - Last synced at: 1 day ago - Pushed at: 10 months ago - Stars: 8 - Forks: 1

JoelGMSec/Darkbyte
Repository of tools used in my blog
Language: C - Size: 13.2 MB - Last synced at: 20 days ago - Pushed at: about 1 year ago - Stars: 51 - Forks: 18

Enelg52/Backpack
Golang packer that uses process hollowing
Language: Go - Size: 53.7 KB - Last synced at: 22 days ago - Pushed at: almost 3 years ago - Stars: 17 - Forks: 4

aniko33/pe-packer-x64
A simple template PE Packer (x64)
Language: C - Size: 17.6 KB - Last synced at: 9 days ago - Pushed at: 9 months ago - Stars: 2 - Forks: 0

hlldz/SpookFlare 📦
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
Language: Python - Size: 76.2 KB - Last synced at: 19 days ago - Pushed at: almost 6 years ago - Stars: 948 - Forks: 188

m0rd3caii/goRAT
This Remote Access Tool (RAT), built with Go, is controlled via a Discord bot. The bot connects to a target machine and allows remote control through Discord commands.
Language: Go - Size: 21.7 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 0

noderaven/payload-obfuscator
A Python-based tool for studying and practicing Windows PE binary obfuscation techniques.
Language: Python - Size: 132 KB - Last synced at: 19 days ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 0

x86-512/Metamorpheus
A metamorphic shellcode obfuscator capable of generating more unique shellcodes than there are atoms in the OBSERVABLE UNIVERSE and designed for shellcodes/implants that need to run in W^X memory.
Language: Python - Size: 384 KB - Last synced at: 12 days ago - Pushed at: 3 months ago - Stars: 1 - Forks: 1

Vasco0x4/ShellLoader_Hub
Shellcode Loader Library.
Size: 9.77 KB - Last synced at: 10 days ago - Pushed at: 3 months ago - Stars: 9 - Forks: 1

EvilBytecode/PayloadCrypter
Go Based Crypter That Can Bypass Any Kinds Of Antivirus Products, payload crypter supports over 4 programming languages.
Language: Go - Size: 27.3 KB - Last synced at: 1 day ago - Pushed at: 10 months ago - Stars: 42 - Forks: 7

swagkarna/Chuvi-Botnet
Fud Persistent Windows Backdoor developed purely in python
Language: Python - Size: 3.91 MB - Last synced at: about 1 month ago - Pushed at: about 4 years ago - Stars: 29 - Forks: 14

athenahax/pie
Encode raw bytes into their corresponding locations in pi. (PoC)
Language: C - Size: 11.7 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 1 - Forks: 0

VirtualAlllocEx/Create_Thread-Inline_Assembly_x86_Fibers
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
Language: C++ - Size: 466 KB - Last synced at: about 9 hours ago - Pushed at: about 2 years ago - Stars: 7 - Forks: 4

VirtualAlllocEx/Create_Thread_Inline_Assembly_x86
This POC provides the possibility to execute x86 shellcode in the form of a .bin file based on x86 inline assembly
Language: C++ - Size: 563 KB - Last synced at: about 9 hours ago - Pushed at: about 2 years ago - Stars: 18 - Forks: 9

VirtualAlllocEx/Shell-we-Assembly
Shellcode execution via x86 inline assembly based on MSVC syntax
Language: C++ - Size: 26.4 KB - Last synced at: 6 days ago - Pushed at: almost 2 years ago - Stars: 13 - Forks: 5

VirtualAlllocEx/DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
Language: C - Size: 21.5 KB - Last synced at: about 9 hours ago - Pushed at: almost 2 years ago - Stars: 51 - Forks: 11

Lucas310302/Coin-Nest
XMR Miner Malware
Language: Python - Size: 6.48 MB - Last synced at: 9 days ago - Pushed at: over 1 year ago - Stars: 7 - Forks: 3

x0reaxeax/SyscallHookBypass
NTAPI hook bypass with (semi) legit stack trace
Language: C - Size: 8.79 KB - Last synced at: 6 days ago - Pushed at: almost 2 years ago - Stars: 14 - Forks: 2

x0reaxeax/SilentWrite
PoC arbitrary WPM without a process handle
Language: C - Size: 9.77 KB - Last synced at: 6 days ago - Pushed at: over 1 year ago - Stars: 18 - Forks: 3

swagkarna/PuttyorMalware
Using bitsadmin to download our malware and to bypass defender
Language: Visual Basic .NET - Size: 750 KB - Last synced at: about 1 month ago - Pushed at: about 4 years ago - Stars: 27 - Forks: 12

Vith0r/Indirect-Syscalls
Indirect Syscalls Loader
Language: C - Size: 14.6 KB - Last synced at: 4 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

GetRektBoy724/MeterPwrShell 📦
Automated Tool That Generates The Perfect Meterpreter Powershell Payload
Size: 253 KB - Last synced at: 5 months ago - Pushed at: over 3 years ago - Stars: 224 - Forks: 41

GetRektBoy724/SharpUnhooker
C# Based Universal API Unhooker
Language: C# - Size: 443 KB - Last synced at: 5 months ago - Pushed at: about 3 years ago - Stars: 391 - Forks: 75

aniko33/Crystal 📦
A simple stealer made in Rust, written for fun
Language: Rust - Size: 72.3 KB - Last synced at: 9 days ago - Pushed at: 9 months ago - Stars: 3 - Forks: 0

KnightChaser/kaldrexx
A simple HTTPS reverse shell malware implementation written in Go, evading Windows Defender detection via AES
Language: Go - Size: 1.51 MB - Last synced at: 28 days ago - Pushed at: about 1 year ago - Stars: 1 - Forks: 0

Souhardya/IMProtector
Old 32 bit PE executable protector / crypter
Language: C++ - Size: 35.2 KB - Last synced at: 22 days ago - Pushed at: over 3 years ago - Stars: 14 - Forks: 8

julecko/AV-Evasion
Simple but effective methods to avoid being detected by antivirus
Language: C - Size: 2.7 MB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 0 - Forks: 0

VEN0MTOOLS/VENOM-FUD-CRYPTER-SOFTWARE
FUD Crypter is an encryption tool. You can make your files FUD to bypass antiviruses, "Windows Defender AMSI", etc. You can also protect your own code with FUD Crypter 2024. You can get FUD results with Crypter FUD 2024 on scantime and runtime. Your file will be secure with our encryption.
Size: 5.86 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 0 - Forks: 0

thomasxm/BOAZ
A Multilayered AV/EDR Evasion Framework and AV Testing Tool.
Size: 50.8 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 2 - Forks: 0

swagkarna/shell_gain-v1
reverse shell
Language: Python - Size: 5.86 KB - Last synced at: 18 days ago - Pushed at: about 5 years ago - Stars: 6 - Forks: 1

ANK1036Official/Satangle
Script which helps the creation of antivirus evading malware.
Language: Shell - Size: 4.88 KB - Last synced at: 16 days ago - Pushed at: about 8 years ago - Stars: 4 - Forks: 2

24greyhat/Hips
Hidden in plain sight! simple yet effective covert way to obfuscate data (e.g., shellcode), no one will tell gibberish from malicious!
Language: Python - Size: 1000 Bytes - Last synced at: 12 days ago - Pushed at: 12 months ago - Stars: 2 - Forks: 2

acheong08/py-obfuscate
Obfuscate python code to a single Unicode one liner
Language: Python - Size: 410 KB - Last synced at: 6 days ago - Pushed at: over 2 years ago - Stars: 5 - Forks: 1

Ponk445/PDF-EXPLOIT
FUD PDF EXPLOIT SOURCE CODE, reverse shell using pdf file
Language: Python - Size: 213 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 14 - Forks: 2

Cipher7/ApexLdr
ApexLdr is a DLL Payload Loader written in C
Language: C - Size: 738 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 72 - Forks: 16

Enelg52/Gofrette
Gofrette is a reverse shell payload developed in Golang that bypasses Windows Defender and many other anti-virus products.
Language: Go - Size: 6.87 MB - Last synced at: 10 months ago - Pushed at: over 2 years ago - Stars: 37 - Forks: 7

VBV11/WinRM-Reverse-Shell
WinRM Reverse Shell Using Powershell.
Language: PowerShell - Size: 45.9 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 2 - Forks: 0

Chainski/Chainski-Crypter Fork of NYAN-x-CAT/Lime-Crypter
Lime Crypter Obfuscator Mod
Language: C# - Size: 4.99 MB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 23 - Forks: 6

digilolnet/pint-c2
eBPF evading C2
Language: Python - Size: 18.6 KB - Last synced at: about 1 month ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

unknxwnleaks/Crypter
My personal "MUCKCrypter" a longtime project.
Size: 0 Bytes - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

pard0p/CallstackSpoofingPOC
C++ self-Injecting dropper based on various EDR evasion techniques.
Language: C - Size: 46.9 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 255 - Forks: 55

hackerOrionX/ORIONX-FUD-CRYPTER
The only FREE and 100% FUD crypter that will still be FUD and work on Windows. Powerful obfuscator to bypass anti-virus detection.
Language: Tcl - Size: 97 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 33 - Forks: 3

DigiDonkz/TheCrypter
Web-based Polymorphic Runtime Crypter FUD
Size: 760 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 2 - Forks: 0

njcve/inflate.py
Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
Language: Python - Size: 3.91 KB - Last synced at: about 1 year ago - Pushed at: about 3 years ago - Stars: 112 - Forks: 15

Mystery-Dynamics/Mys_C2Exchange
Simple C2 via MS Exchange HTTP to evade AV and Network Traffic Restrictions.
Language: Go - Size: 17.6 KB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 0

Sma-Das/powershell-utils
A repository containing utilities related to PowerShell
Language: PowerShell - Size: 279 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

winterrdog/fast_entropy_calc
Calculate the Shannon entropy of the provided file.
Language: C++ - Size: 17.6 KB - Last synced at: 7 days ago - Pushed at: about 2 years ago - Stars: 5 - Forks: 0

AdvDebug/MineRootkit 📦
PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.
Language: C# - Size: 53.7 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 52 - Forks: 12

GetRektBoy724/BetterXencrypt
A better version of Xencrypt. Xencrypt itself is a PowerShell runtime crypter designed to evade AVs.
Language: PowerShell - Size: 99.6 KB - Last synced at: over 1 year ago - Pushed at: almost 4 years ago - Stars: 200 - Forks: 46

DragonRaaS/Dragon-Ransomware
New Ransomware bypassing EDR, AVs, UAC, Sandboxes.
Language: C# - Size: 1.95 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

loadenmb/tvasion
Antivirus evasion based on file signature change via AES encryption, with PowerShell and C# AV evasion templates that support executable and PowerShell payloads with Windows executable, PowerShell or batch output. Developed with PowerShell on Linux for Windows targets :)
Language: PowerShell - Size: 137 KB - Last synced at: over 1 year ago - Pushed at: over 5 years ago - Stars: 75 - Forks: 28

giacomoarienti/cybersec-blog
A cybersecurity related blog
Language: Ruby - Size: 80.1 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

FreeLesio/Rubber-Ducky-Reverse-Shell
Fast & Silent Script For Rubber Ducky To Inject Reverse Shell
Size: 37.1 KB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 15 - Forks: 3

bobby-tablez/Heuristic-Confuser
Sandbox/Heuristic PowerShell Bypass
Language: PowerShell - Size: 3.91 KB - Last synced at: almost 2 years ago - Pushed at: about 2 years ago - Stars: 2 - Forks: 0

ChimesOfDestruction/Crypters-Source-Collection
SRC Collection: Autoit, Delphi, .NET, VB6, C++ and more.
Size: 150 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 0

vxlabinfo/SignFinder
Tool for easily cleaning AV signatures from PE32 files
Language: Python - Size: 13.7 KB - Last synced at: about 2 years ago - Pushed at: over 8 years ago - Stars: 27 - Forks: 11

padovah4ck/RedSharp
Penetration Test / Red Team - C# tools repository
Language: C# - Size: 151 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 50 - Forks: 20

tid4l/TallGrass
An AV exclusion enumeration tool written in Python.
Language: Python - Size: 78.1 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 61 - Forks: 6

GetRektBoy724/TripleS
Extracting Syscall Stub, Modernized
Language: C# - Size: 75.2 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 51 - Forks: 17

MFernstrom/Blowfish-Base64
Desktop tool to encrypt a string with Blowfish and Base64 encode the result
Language: Pascal - Size: 573 KB - Last synced at: 8 days ago - Pushed at: almost 3 years ago - Stars: 2 - Forks: 1

redteam88/KillDefenderBOF Fork of Cerbersec/KillDefenderBOF
Beacon Object File PoC implementation of KillDefender
Language: C - Size: 99.6 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 7 - Forks: 1

enascimento/gym-malware Fork of endgameinc/gym-malware
This is a malware manipulation environment for OpenAI's gym
Language: Python - Size: 567 KB - Last synced at: almost 2 years ago - Pushed at: over 7 years ago - Stars: 3 - Forks: 0
