APTortellini / DefenderSwitchLinks
Stop Windows Defender using the Win32 API
☆194Updated 3 years ago
Alternatives and similar repositories for DefenderSwitch
Users that are interested in DefenderSwitch are comparing it to the libraries listed below
Sorting:
- CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)☆288Updated 3 years ago
- Another meterpreter injection technique using C# that attempts to bypass Defender☆260Updated 3 years ago
- Process Ghosting Tool☆174Updated 4 years ago
- Beacon Object File (BOF) for remote process injection via thread hijacking☆213Updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆158Updated 4 years ago
- AmsiScanBufferBypass using D/Invoke☆135Updated 4 years ago
- Move CS beacon to GPU memory when sleeping☆246Updated 3 years ago
- Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)☆254Updated 2 years ago
- Exploring in-memory execution of .NET☆139Updated 3 years ago
- WIP shellcode loader in nim with EDR evasion techniques☆220Updated 3 years ago
- Silence EDRs by removing kernel callbacks☆235Updated 4 years ago
- How to spoof the command line when spawning a new process from C#.☆107Updated 3 years ago
- Evasive Process Hollowing Techniques☆142Updated 5 years ago
- A fake AMSI Provider which can be used for persistence.☆151Updated 4 years ago
- Convert shellcode generated using pe_2_shellcode to cdb format.☆99Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆159Updated 4 years ago
- Pseudorandom AES-256 encryption designed to protect shellcode and arbitrary strings. C# and C/C++ compatible.☆102Updated 3 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆166Updated 3 years ago
- You shall pass☆265Updated 3 years ago
- A basic emulation of an "RPC Backdoor"☆242Updated 3 years ago
- ☆134Updated 2 years ago
- ☆201Updated 4 years ago
- ☆165Updated last year
- Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo…☆230Updated last year
- Project to check which Nt/Zw functions your local EDR is hooking☆196Updated 4 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆147Updated 3 years ago
- Simple DLL that add a user to the local Administrators group☆78Updated 3 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆174Updated 2 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\☆299Updated 2 years ago
- ☆153Updated 3 years ago