Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
☆444 · Mar 31, 2026 · Updated last week
Alternatives and similar repositories for Evasions
Users that are interested in Evasions are comparing it to the libraries listed below.
- InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date… (☆590 · Mar 31, 2026 · Updated last week)
- Anti-Debug encyclopedia contains methods used by malware to verify if they are executed under debugging. It includes the description of v… (☆67 · Mar 31, 2026 · Updated last week)
- A more stealthy variant of "DLL hollowing" (☆365 · Mar 8, 2024 · Updated 2 years ago)
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ (☆31 · Feb 26, 2024 · Updated 2 years ago)
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. (☆759 · Nov 16, 2021 · Updated 4 years ago)
- MSBuild without MSBuild.exe (☆135 · Dec 21, 2020 · Updated 5 years ago)
- Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll (☆501 · Feb 3, 2022 · Updated 4 years ago)
- Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. (☆6,905 · Apr 1, 2026 · Updated last week)
- Small and convenient C2 tool for Windows targets (☆615 · Mar 8, 2022 · Updated 4 years ago)
- A shellcode function to encrypt a running process image when sleeping. (☆338 · Sep 11, 2021 · Updated 4 years ago)
- (☆110 · May 14, 2018 · Updated 7 years ago)
- Collection of beacon BOFs written to learn Windows and Cobalt Strike (☆363 · Feb 24, 2023 · Updated 3 years ago)
- SysWhispers on Steroids - AV/EDR evasion via direct system calls. (☆1,610 · Jul 31, 2024 · Updated last year)
- UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red … (☆349 · Jul 3, 2022 · Updated 3 years ago)
- Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and spoofed parent process (☆230 · Jul 30, 2020 · Updated 5 years ago)
- Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust. (☆935 · Jun 1, 2021 · Updated 4 years ago)
- Open-Source Shellcode & PE Packer (☆2,084 · Feb 3, 2024 · Updated 2 years ago)
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript (☆344 · Sep 1, 2021 · Updated 4 years ago)
- AV/EDR evasion via direct system calls. (☆2,001 · Jan 1, 2023 · Updated 3 years ago)
- Evasive shellcode loader for bypassing event-based injection detection (PoC) (☆825 · Aug 23, 2021 · Updated 4 years ago)
- Adaptive DLL hijacking / dynamic export forwarding (☆811 · Jul 6, 2020 · Updated 5 years ago)
- C/C++ source obfuscator for antivirus bypass (☆1,066 · Mar 10, 2022 · Updated 4 years ago)
- AMSI Bypass Via the Heap (☆107 · Nov 20, 2020 · Updated 5 years ago)
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… (☆1,188 · Jul 5, 2023 · Updated 2 years ago)
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). (☆219 · Mar 5, 2020 · Updated 6 years ago)
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing… (☆1,744 · Jan 16, 2026 · Updated 2 months ago)
- A simple COM server which provides a component to run shellcode (☆148 · May 12, 2020 · Updated 5 years ago)
- (☆828 · Dec 28, 2019 · Updated 6 years ago)
- A technique of hiding malicious shellcode via Shannon encoding. (☆267 · Oct 23, 2022 · Updated 3 years ago)
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique (☆337 · Jan 16, 2022 · Updated 4 years ago)
- A PowerShell script to prevent Sysmon from writing its events (☆17 · Apr 23, 2020 · Updated 5 years ago)
- Tool to create hidden registry keys. (☆489 · Oct 23, 2019 · Updated 6 years ago)
- Enumerate and disable common sources of telemetry used by AV/EDR. (☆848 · Mar 11, 2021 · Updated 5 years ago)
- Also known by Microsoft as Knifecoat (☆1,151 · Dec 22, 2022 · Updated 3 years ago)
- Tool for interacting with Outlook interop during red team engagements (☆146 · Jun 29, 2021 · Updated 4 years ago)
- AV/EDR evasion via direct system calls. (☆1,807 · Sep 3, 2022 · Updated 3 years ago)
- Red Team C code repo (☆569 · Dec 16, 2024 · Updated last year)
- LSASS memory dumper using direct system calls and API unhooking. (☆1,582 · Jan 5, 2021 · Updated 5 years ago)
- Evade Sysmon and Windows event logging (☆625 · Apr 8, 2020 · Updated 6 years ago)