5h3r10ck / antivirus-evasionLinks
Applying some AV evasion techniques on a metasploit reverse shell
☆18Updated 4 years ago
Alternatives and similar repositories for antivirus-evasion
Users that are interested in antivirus-evasion are comparing it to the libraries listed below
Sorting:
- Shellcode injector using direct syscalls☆123Updated 5 years ago
- Injects shellcode into remote processes using direct syscalls☆79Updated 4 years ago
- 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"☆40Updated 4 years ago
- AmsiHook is a project I created to figure out a bypass to AMSI via function hooking.☆65Updated 5 years ago
- AMSI Bypass Via the Heap☆107Updated 4 years ago
- C++ implant that interfaces with a SK8PARK server☆49Updated 4 years ago
- File Write Weapon for Privilege Escalation To get SYSTEM☆18Updated 5 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆104Updated 2 years ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.☆111Updated 3 years ago
- ☆55Updated 3 years ago
- transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV☆49Updated 4 years ago
- DInvisibleRegistry☆82Updated 4 years ago
- Video files for eBook: "Bypassing AVs by C#.NET Programming"☆41Updated 2 years ago
- Weaponizing for privileged file writes bugs with PrintNotify Service☆133Updated 3 years ago
- Simple DLL that add a user to the local Administrators group☆78Updated 3 years ago
- SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#☆64Updated 2 years ago
- RDPThief donut shellcode inject into mstsc☆88Updated 4 years ago
- A port of FuzzySecurity's UrbanBishop project for inline shellcode execution☆118Updated 4 years ago
- NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)☆118Updated 2 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 3 years ago
- Cobalt Strike BOF Files with Nim!☆86Updated 3 years ago
- I used this to see if an EDR is running in Safe Mode☆36Updated 4 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆119Updated 5 years ago
- UUID based Shellcode loader for your favorite C2☆86Updated 3 years ago
- AmsiScanBufferBypass using D/Invoke☆136Updated 4 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆91Updated 4 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆77Updated 5 years ago
- Custom Cobalt Strike stagers using different methods of thread execution and memory allocation☆110Updated 5 years ago
- C# PoC implementation for bypassing AMSI via in memory patching☆65Updated 5 years ago
- adding a backdooruser using win32api☆80Updated 5 years ago