An open API service providing repository metadata for many open source software ecosystems.

Topic: "edr-bypass"

klezVirus/inceptor

Template-Driven AV/EDR Evasion Framework

Language: Assembly - Size: 19.9 MB - Last synced at: 1 day ago - Pushed at: over 1 year ago - Stars: 1,679 - Forks: 269

tkmru/awesome-edr-bypass

Awesome EDR Bypass Resources For Ethical Hacking

Size: 79.1 KB - Last synced at: 3 days ago - Pushed at: 4 months ago - Stars: 1,187 - Forks: 120

thomasxm/BOAZ_beta

Multilayered AV/EDR Evasion Framework

Language: C++ - Size: 85.6 MB - Last synced at: 30 minutes ago - Pushed at: about 1 hour ago - Stars: 662 - Forks: 108

VirtualAlllocEx/DEFCON-31-Syscalls-Workshop

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

Language: C - Size: 16.3 MB - Last synced at: about 2 hours ago - Pushed at: over 1 year ago - Stars: 658 - Forks: 95

NUL0x4C/AtomPePacker

A highly capable PE packer

Language: C - Size: 119 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 638 - Forks: 112

georgesotiriadis/Chimera

Automated DLL Sideloading Tool With EDR Evasion Capabilities

Language: Python - Size: 1.26 MB - Last synced at: about 1 month ago - Pushed at: over 1 year ago - Stars: 470 - Forks: 56

WesleyWong420/RedTeamOps-Havoc-101

Materials for the workshop "Red Team Ops: Havoc 101"

Language: C# - Size: 22.9 MB - Last synced at: about 1 month ago - Pushed at: 7 months ago - Stars: 371 - Forks: 50

f1zm0/acheron

indirect syscalls for AV/EDR evasion in Go assembly

Language: Assembly - Size: 332 KB - Last synced at: about 1 month ago - Pushed at: almost 2 years ago - Stars: 325 - Forks: 38

V-i-x-x/AMSI-BYPASS

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

Language: PowerShell - Size: 3.06 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 270 - Forks: 47

VirtualAlllocEx/Create-Thread-Shellcode-Fetcher

This POC gives you the possibility to compile a .exe that completely avoids static detection by AV/EPP/EDR of your C2 shellcode, and downloads and executes your C2 shellcode hosted on your (C2) web server.

Language: C++ - Size: 2.71 MB - Last synced at: 2 days ago - Pushed at: almost 2 years ago - Stars: 247 - Forks: 51

fortra/hw-call-stack

Use hardware breakpoints to spoof the call stack for both syscalls and API calls

Language: C - Size: 277 KB - Last synced at: 10 days ago - Pushed at: 12 months ago - Stars: 195 - Forks: 28

VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls

The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.

Language: C - Size: 24.4 KB - Last synced at: 2 days ago - Pushed at: over 1 year ago - Stars: 190 - Forks: 24

dobin/antnium

A C2 framework for initial access in Go

Language: Go - Size: 2.61 MB - Last synced at: about 1 month ago - Pushed at: almost 3 years ago - Stars: 179 - Forks: 38

mrexodia/lolbin-poc

Small PoC of using a Microsoft signed executable as a lolbin.

Language: C++ - Size: 5.86 KB - Last synced at: about 2 months ago - Pushed at: about 2 years ago - Stars: 136 - Forks: 16

VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

Language: C - Size: 592 KB - Last synced at: 2 days ago - Pushed at: about 2 years ago - Stars: 133 - Forks: 23

njcve/inflate.py

Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.

Language: Python - Size: 3.91 KB - Last synced at: about 1 year ago - Pushed at: about 3 years ago - Stars: 112 - Forks: 15

voidvxvt/HellBunny

Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks

Language: C - Size: 617 KB - Last synced at: about 1 month ago - Pushed at: 5 months ago - Stars: 101 - Forks: 19

oldkingcone/BYOSI

Evade EDRs the simple way, by not touching any of the APIs they hook.

Language: PHP - Size: 35.2 KB - Last synced at: about 1 month ago - Pushed at: 4 months ago - Stars: 94 - Forks: 13

VirtualAlllocEx/DSC_SVC_REMOTE

This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

Language: C - Size: 21.5 KB - Last synced at: 2 days ago - Pushed at: about 2 years ago - Stars: 51 - Forks: 11

itaymigdal/PichichiH0ll0wer

Nim process hollowing loader

Language: Nim - Size: 2.56 MB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 46 - Forks: 11

Chainski/PandaLoader

A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.

Language: C++ - Size: 205 KB - Last synced at: about 1 month ago - Pushed at: 9 months ago - Stars: 42 - Forks: 6

0xflux/Rust-Hells-Gate

Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust

Language: Rust - Size: 70.3 KB - Last synced at: about 1 month ago - Pushed at: 12 months ago - Stars: 40 - Forks: 4

roadwy/SideloadFinder

Frida-based script which automates the process of discovering and exploiting DLL hijacks in target binaries. The discovered binaries can later be weaponized during red team operations to evade AV/EDRs.

Language: Python - Size: 331 KB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 39 - Forks: 4

Adkali/PowerJoker

PowerJoker is a Python program which generates dynamic PowerShell reverse shells: unique payloads with different results on each execution.

Language: Python - Size: 95.7 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 37 - Forks: 8

CroodSolutions/AutoPwnKey

AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. It is our hope that this tool will be useful to red teams over the short term, while over the long term help AV/EDR vendors improve how they handle AHK scripts.

Language: AutoHotkey - Size: 1.28 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 25 - Forks: 5

0mWindyBug/MinifilterHook

Silence file system monitoring components by hooking their minifilters

Language: C - Size: 1.67 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 25 - Forks: 6

EvilBytecode/Ntdll-Unhook

Unhook Ntdll.dll, Go & C++.

Language: C++ - Size: 8.79 KB - Last synced at: about 18 hours ago - Pushed at: 26 days ago - Stars: 22 - Forks: 3

0xflux/ETW-Bypass-Rust

Event Tracing for Windows EDR bypass in Rust (usermode)

Language: Rust - Size: 15.6 KB - Last synced at: about 1 month ago - Pushed at: 11 months ago - Stars: 19 - Forks: 2

x0reaxeax/SilentWrite

PoC arbitrary WPM without a process handle

Language: C - Size: 9.77 KB - Last synced at: 6 days ago - Pushed at: almost 2 years ago - Stars: 19 - Forks: 3

melotic/nanostorm

A (WIP) EDR evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.

Language: Rust - Size: 140 KB - Last synced at: about 2 months ago - Pushed at: 5 months ago - Stars: 18 - Forks: 1

VirtualAlllocEx/Create_Thread_Inline_Assembly_x86

This POC provides the possibility to execute x86 shellcode in the form of a .bin file based on x86 inline assembly

Language: C++ - Size: 563 KB - Last synced at: 2 days ago - Pushed at: about 2 years ago - Stars: 18 - Forks: 9

x0reaxeax/SysCook64

Indirect Syscall invocation via thread hijacking

Language: C - Size: 12.7 KB - Last synced at: 6 days ago - Pushed at: about 2 years ago - Stars: 16 - Forks: 3

x0reaxeax/SyscallHookBypass

NTAPI hook bypass with (semi) legit stack trace

Language: C - Size: 8.79 KB - Last synced at: 6 days ago - Pushed at: about 2 years ago - Stars: 15 - Forks: 2

CodeXTF2/evasion-adventures-files

Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"

Language: C++ - Size: 6.75 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 14 - Forks: 7

VirtualAlllocEx/Shell-we-Assembly

Shellcode execution via x86 inline assembly based on MSVC syntax

Language: C++ - Size: 26.4 KB - Last synced at: 6 days ago - Pushed at: about 2 years ago - Stars: 13 - Forks: 5

Offensive-Panda/WPM-MAJIC-ENTRY-POINT-INJECTION

This exploit utilises the AddressOfEntryPoint of a process, which is RX, and uses WriteProcessMemory's internal magic to change the permission and write the shellcode.

Language: C++ - Size: 41.9 MB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 12 - Forks: 1

PapkuWorld/Rat-Botnet

Powerful RAT/botnet written in C/C++ and Rust; works on Windows, Linux, macOS, Android and IoT devices; central / P2P architecture. (Project under development)

Language: C++ - Size: 52.7 KB - Last synced at: 24 days ago - Pushed at: 10 months ago - Stars: 10 - Forks: 3

EvilBytecode/Powershell-Persistance

Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do not take any responsibility for its use or any actions taken.

Language: Go - Size: 6.84 KB - Last synced at: 28 days ago - Pushed at: 11 months ago - Stars: 9 - Forks: 1

VirtualAlllocEx/Create_Thread-Inline_Assembly_x86_Fibers

This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers

Language: C++ - Size: 466 KB - Last synced at: 2 days ago - Pushed at: about 2 years ago - Stars: 7 - Forks: 4

V-i-x-x/kernel-callback-removal

kernel callback removal (Bypassing EDR Detections)

Language: C++ - Size: 1.47 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 6 - Forks: 1

tholian-network/warps

Warping your own Internet everywhere you go

Language: Go - Size: 181 KB - Last synced at: about 1 month ago - Pushed at: 7 months ago - Stars: 6 - Forks: 1

droberson/hammertime

PoC LKM to force run cleanup_module() on other LKMs

Language: C - Size: 43 KB - Last synced at: 6 days ago - Pushed at: about 1 month ago - Stars: 4 - Forks: 0

WafflesExploits/Dynamic-HTTP-Payload-Stager

A dynamic HTTP/s Payload Stager that automates updating decryption variables, saving time and effort in managing shellcode loaders.

Language: C++ - Size: 30.3 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 4 - Forks: 1

0xflux/Rust-APC-Queue-Injection

APC Queue Injection EDR Evasion in Rust

Language: Rust - Size: 5.86 KB - Last synced at: about 1 month ago - Pushed at: 11 months ago - Stars: 4 - Forks: 1

JenarGithub76/payload-obfuscator

A Python-based tool for studying and practicing Windows PE binary obfuscation techniques.

Size: 1000 Bytes - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 3 - Forks: 0

WafflesExploits/CobaltStrike-YARA-Bypass-f0b627fc

Repository of scripts from my blog post on bypassing the YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.

Language: Python - Size: 12.7 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 3 - Forks: 0

ricardojoserf/goNtdllOverwrite

Overwrite ntdll.dll's ".text" section to bypass API hooking. Gets the clean DLL from disk, the KnownDlls folder, or a debugged process.

Language: Go - Size: 12.7 KB - Last synced at: 8 months ago - Pushed at: 10 months ago - Stars: 3 - Forks: 2

k3lpi3b4nsh33/BlindEdr

A Blind EDR Project for Educational Purposes

Language: C - Size: 508 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 2 - Forks: 4

Koray123-debug/The-Titan-Crypter

Size: 10.7 KB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 1 - Forks: 0

noderaven/payload-obfuscator

A Python-based tool for studying and practicing Windows PE binary obfuscation techniques.

Language: Python - Size: 132 KB - Last synced at: about 2 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

xiosec/Evil-MSCLR

Evil-MSCLR is a tool to load ShellCode and execute commands via the CLR feature in MSSQL.

Language: Go - Size: 3.97 MB - Last synced at: 2 months ago - Pushed at: 4 months ago - Stars: 1 - Forks: 0

Cyb3rV1c/ThreadVeil

Tool That Injects Shell via Remote Thread Hijacking

Language: C++ - Size: 31.3 KB - Last synced at: about 2 months ago - Pushed at: 6 months ago - Stars: 1 - Forks: 0

SnipSnapp/Random-Powershell

Mostly malicious or abusable PowerShell I've written

Language: PowerShell - Size: 49.8 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 1 - Forks: 1

EvilBytecode/GoPulzeTerminator

Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes. Coded in your beloved Golang!

Language: Go - Size: 118 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 1 - Forks: 0

asciistring/Kraken-Crypter-v5-Native-Turbo-

Kraken Crypter v5 (Native/Turbo)

Size: 17.6 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 1 - Forks: 0

Bawless-Services/Bawless-Services-EDR-Crypter

Bawless Services strives to provide excellent service to our customers, though we recognize there is always room for improvement. We are committed to listening

Size: 25.4 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

Hanbry/Custom-PE-Packer

Custom binary file packer/encoder with integrated decoder stub. A pentest-tool for modern EDR evasion.

Language: C - Size: 64.5 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

DragonRaaS/Dragon-Ransomware

New Ransomware bypassing EDR, AVs, UAC, Sandboxes.

Language: C# - Size: 1.95 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

luciabglthecat/Luxury-Crypter-18

Luxury Shield 18

Size: 12.7 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

LuxuryrDs/Luxury-Crypter

Luxury Crypter - Free Version v1.0.0

Size: 0 Bytes - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

FantaTastic-jpg/kernel-callback-removal

kernel callback removal (Bypassing EDR Detections)

Language: C++ - Size: 4.9 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

Abhinandan-Khurana/exploit-payload-generator-ai-agent

A powerful local AI-agentic tool that generates and validates advanced exploit payloads using CrewAI framework.

Language: Python - Size: 168 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

oldkingcone/Tucker

Like the chimera of Nina Tucker: PHP-based local enumeration of Windows systems.

Language: PHP - Size: 21.5 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

hackforyourentertainment/Misery

Misery Loader to bypass modern EDR solutions

Language: C++ - Size: 43.9 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 1

Offensive-Panda/PEB_WALK_AND_API_OBFUSCATION_INJECTION

This exploit uses the PEB walk technique to resolve API calls dynamically and obfuscates all API calls to perform process injection.

Language: C++ - Size: 48.2 MB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0

ricardojoserf/pyNtdllOverwrite

Overwrite ntdll.dll's ".text" section to bypass API hooking. Gets the clean DLL from disk, the KnownDlls folder, or a debugged process.

Language: Python - Size: 10.7 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0

k4itruns/crypter-kraken

Kraken Crypter v5 (Native/Turbo)

Size: 817 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 0 - Forks: 0