The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Within each category it also provides code samples, signature recommendations and countermeasures for the described techniques.
☆444 · Jul 10, 2024 · Updated last year
Alternatives and similar repositories for Evasions
Users that are interested in Evasions are comparing it to the libraries listed below
- InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date… ☆590 · Apr 5, 2022 · Updated 3 years ago
- Anti-Debug encyclopedia contains methods used by malware to verify if they are executed under debugging. It includes the description of v… ☆67 · Nov 8, 2023 · Updated 2 years ago
- A more stealthy variant of "DLL hollowing" ☆363 · Mar 8, 2024 · Updated 2 years ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ ☆31 · Feb 26, 2024 · Updated 2 years ago
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. ☆756 · Nov 16, 2021 · Updated 4 years ago
- MSBuild without MSBuild.exe ☆135 · Dec 21, 2020 · Updated 5 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll ☆498 · Feb 3, 2022 · Updated 4 years ago
- Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. ☆6,885 · Mar 1, 2026 · Updated 2 weeks ago
- Small and convenient C2 tool for Windows targets ☆613 · Mar 8, 2022 · Updated 4 years ago
- A shellcode function to encrypt a running process image when sleeping. ☆339 · Sep 11, 2021 · Updated 4 years ago
- ☆110 · May 14, 2018 · Updated 7 years ago
- Collection of beacon BOFs written to learn Windows and Cobalt Strike ☆362 · Feb 24, 2023 · Updated 3 years ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls. ☆1,601 · Jul 31, 2024 · Updated last year
- UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red … ☆350 · Jul 3, 2022 · Updated 3 years ago
- Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and spoofed parent process ☆230 · Jul 30, 2020 · Updated 5 years ago
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript ☆345 · Sep 1, 2021 · Updated 4 years ago
- Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust. ☆933 · Jun 1, 2021 · Updated 4 years ago
- Open-Source Shellcode & PE Packer ☆2,074 · Feb 3, 2024 · Updated 2 years ago
- AV/EDR evasion via direct system calls. ☆1,999 · Jan 1, 2023 · Updated 3 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC) ☆824 · Aug 23, 2021 · Updated 4 years ago
- Adaptive DLL hijacking / dynamic export forwarding ☆807 · Jul 6, 2020 · Updated 5 years ago
- C/C++ source obfuscator for antivirus bypass ☆1,065 · Mar 10, 2022 · Updated 4 years ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… ☆1,188 · Jul 5, 2023 · Updated 2 years ago
- AMSI Bypass Via the Heap ☆107 · Nov 20, 2020 · Updated 5 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). ☆219 · Mar 5, 2020 · Updated 6 years ago
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing… ☆1,735 · Jan 16, 2026 · Updated 2 months ago
- A simple COM server which provides a component to run shellcode ☆148 · May 12, 2020 · Updated 5 years ago
- ☆825 · Dec 28, 2019 · Updated 6 years ago
- A technique of hiding malicious shellcode via Shannon encoding. ☆265 · Oct 23, 2022 · Updated 3 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique ☆338 · Jan 16, 2022 · Updated 4 years ago
- A PowerShell script to prevent Sysmon from writing its events ☆17 · Apr 23, 2020 · Updated 5 years ago
- Tool to create hidden registry keys. ☆490 · Oct 23, 2019 · Updated 6 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆843 · Mar 11, 2021 · Updated 5 years ago
- Also known by Microsoft as Knifecoat ☆1,152 · Dec 22, 2022 · Updated 3 years ago
- Tool for interacting with Outlook interop during red team engagements ☆146 · Jun 29, 2021 · Updated 4 years ago
- Red Team C code repo ☆569 · Dec 16, 2024 · Updated last year
- AV/EDR evasion via direct system calls. ☆1,797 · Sep 3, 2022 · Updated 3 years ago
- LSASS memory dumper using direct system calls and API unhooking. ☆1,579 · Jan 5, 2021 · Updated 5 years ago
- Evade Sysmon and Windows event logging ☆625 · Apr 8, 2020 · Updated 5 years ago