CheckPointSW / Evasions
The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Each category also provides code samples, signature recommendations and countermeasures for the described techniques.
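As an added example of the kind of check the encyclopedia catalogs (this is not code from the Evasions project): the CPUID hypervisor probe that VM-aware malware commonly runs before deciding whether to detonate. Leaf 1 ECX bit 31 is the "hypervisor present" flag, and leaf 0x40000000 returns a 12-byte vendor signature in EBX:ECX:EDX. The function names, the vendor table and the constructed test inputs are assumptions for illustration; the code assumes x86/x86-64 with the GCC/Clang `<cpuid.h>` header and degrades to "no hypervisor" on other architectures so it still builds.

```c
/* Added example, not part of the Evasions encyclopedia.
 * CPUID-based hypervisor detection, split into small functions so the
 * deterministic part (signature classification) can be tested with
 * constructed input regardless of the host it runs on. */
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0   /* assumption: treat non-x86 hosts as bare metal */
#endif

/* Leaf 1, ECX bit 31: "hypervisor present". Real CPUs leave it clear;
 * most hypervisors set it unless configured to hide it. Returns 0 or 1. */
int cpuid_hypervisor_present(void)
{
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (int)((ecx >> 31) & 1u);
#else
    return 0;
#endif
}

/* Leaf 0x40000000: EBX, ECX, EDX carry the 12-byte vendor signature.
 * out receives the signature NUL-terminated (13 bytes); empty if no
 * hypervisor bit is set. __cpuid is used directly because __get_cpuid
 * rejects leaves above the basic maximum. */
void cpuid_hypervisor_vendor(char out[13])
{
    memset(out, 0, 13);
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!cpuid_hypervisor_present())
        return;
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    memcpy(out + 0, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
#endif
}

/* Map a signature to a product name. Pure function over a 12-byte
 * signature; the table holds the well-known signatures. Note that a
 * hypervisor can advertise a different signature than its product
 * (VirtualBox, for instance, can present the KVM or Hyper-V one
 * depending on its paravirtualization provider), so this is a hint,
 * not proof. */
const char *classify_hypervisor_vendor(const char *sig)
{
    static const struct { const char *sig; const char *name; } table[] = {
        { "KVMKVMKVM",    "KVM" },
        { "VMwareVMware", "VMware" },
        { "VBoxVBoxVBox", "VirtualBox" },
        { "Microsoft Hv", "Hyper-V" },
        { "XenVMMXenVMM", "Xen" },
        { "TCGTCGTCGTCG", "QEMU (TCG)" },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strncmp(sig, table[i].sig, 12) == 0)
            return table[i].name;
    return sig[0] ? "unknown hypervisor" : "none";
}

int main(void)
{
    char sig[13];
    cpuid_hypervisor_vendor(sig);
    printf("hypervisor bit: %d\n", cpuid_hypervisor_present());
    printf("vendor signature: \"%s\" -> %s\n", sig, classify_hypervisor_vendor(sig));
    return 0;
}
```

On the defensive side this is the kind of check the encyclopedia pairs with a signature recommendation and a countermeasure: a sandbox can log execution of CPUID with leaf 0x40000000 as a VM-awareness indicator, and the hypervisor can be configured to clear the hypervisor bit (for VMware, `hypervisor.cpuid.v0 = "FALSE"` in the .vmx file), after which this probe reports bare metal and the sample has to fall back to noisier checks.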
☆405, updated 10 months ago
Alternatives and similar repositories for Evasions
Users that are interested in Evasions are comparing it to the libraries listed below
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆743, updated last year)
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. (☆737, updated 3 years ago)
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine. (☆701, updated 4 years ago)
- My implementation of enSilo's Process Doppelganging (PE injection technique) (☆609, updated 2 years ago)
- Dynamic unpacker based on PE-sieve (☆730, updated last month)
- Quickly debug shellcode extracted during malware analysis (☆603, updated last year)
- Experiments (☆455, updated 7 months ago)
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… (☆388, updated this week)
- Live hunting of code injection techniques (☆382, updated 5 years ago)
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… (☆1,135, updated last year)
- Collection of malware persistence and hunting information. Be a persistent persistence hunter! (☆176, updated 3 months ago)
- A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… (☆636, updated 2 years ago)
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. (☆420, updated 4 years ago)
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… (☆658, updated last year)
- Enumerate and disable common sources of telemetry used by AV/EDR. (☆793, updated 4 years ago)
- Extract Windows Defender database from vdm files and unpack it (☆440, updated 5 years ago)
- Evasive shellcode loader for bypassing event-based injection detection (PoC) (☆766, updated 3 years ago)
- Original C Implementation of the Hell's Gate VX Technique (☆1,038, updated 3 years ago)
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit) (☆811, updated 3 years ago)
- A modular C2 framework (☆463, updated last month)
- Transacted Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Doppelgänging (☆546, updated last year)
- LSASS memory dumper using direct system calls and API unhooking. (☆1,531, updated 4 years ago)
- Project for identifying executables and DLLs vulnerable to relative path DLL hijacking. (☆461, updated last year)
- Tool to bypass LSA Protection (aka Protected Process Light) (☆941, updated 2 years ago)
- Small and convenient C2 tool for Windows targets. [ Russian means fuck off! ] (☆601, updated 3 years ago)
- AV/EDR evasion via direct system calls. (☆1,866, updated 2 years ago)