The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Code samples, signature recommendations and countermeasures for the described techniques are also provided within each category.
☆444, Jul 10, 2024, updated last year
Alternatives and similar repositories for Evasions
Users that are interested in Evasions are comparing it to the libraries listed below
- InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date… (☆585, Apr 5, 2022, updated 3 years ago)
- A more stealthy variant of "DLL hollowing" (☆363, Mar 8, 2024, updated last year)
- MSBuild without MSbuild.exe (☆135, Dec 21, 2020, updated 5 years ago)
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. (☆754, Nov 16, 2021, updated 4 years ago)
- Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and spoofed parent process (☆231, Jul 30, 2020, updated 5 years ago)
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript (☆346, Sep 1, 2021, updated 4 years ago)
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique (☆337, Jan 16, 2022, updated 4 years ago)
- Small and convenient C2 tool for Windows targets (☆612, Mar 8, 2022, updated 3 years ago)
- ☆110, May 14, 2018, updated 7 years ago
- Collection of Beacon BOFs written to learn Windows and Cobalt Strike (☆362, Feb 24, 2023, updated 3 years ago)
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… (☆1,182, Jul 5, 2023, updated 2 years ago)
- A shellcode function to encrypt a running process image when sleeping. (☆340, Sep 11, 2021, updated 4 years ago)
- Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust. (☆932, Jun 1, 2021, updated 4 years ago)
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ (☆31, Feb 26, 2024, updated 2 years ago)
- Tool for interacting with Outlook interop during red team engagements (☆146, Jun 29, 2021, updated 4 years ago)
- Adaptive DLL hijacking / dynamic export forwarding (☆807, Jul 6, 2020, updated 5 years ago)
- C/C++ source obfuscator for antivirus bypass (☆1,062, Mar 10, 2022, updated 3 years ago)
- ☆826, Dec 28, 2019, updated 6 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll (☆498, Feb 3, 2022, updated 4 years ago)
- Tool to create hidden registry keys. (☆491, Oct 23, 2019, updated 6 years ago)
- Evasive shellcode loader for bypassing event-based injection detection (PoC) (☆824, Aug 23, 2021, updated 4 years ago)
- Enumerate and disable common sources of telemetry used by AV/EDR. (☆819, Mar 11, 2021, updated 4 years ago)
- Evade Sysmon and Windows event logging (☆625, Apr 8, 2020, updated 5 years ago)
- A protective and low-level shellcode loader that defeats modern EDR systems. (☆917, Mar 20, 2024, updated last year)
- C# executable with embedded Python that can be used reflectively to run Python code on systems without Python installed (☆244, Aug 12, 2020, updated 5 years ago)
- Open-Source Shellcode & PE Packer (☆2,067, Feb 3, 2024, updated 2 years ago)
- AV/EDR evasion via direct system calls. (☆1,793, Sep 3, 2022, updated 3 years ago)
- SysWhispers on Steroids - AV/EDR evasion via direct system calls. (☆1,592, Jul 31, 2024, updated last year)
- AMSI Bypass Via the Heap (☆107, Nov 20, 2020, updated 5 years ago)
- ☆169, Dec 8, 2022, updated 3 years ago
- AV/EDR evasion via direct system calls. (☆1,990, Jan 1, 2023, updated 3 years ago)
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… (☆536, Aug 1, 2022, updated 3 years ago)
- A PowerShell script to prevent Sysmon from writing its events (☆16, Apr 23, 2020, updated 5 years ago)
- OpSec-safe PowerShell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at s… (☆538, Sep 18, 2022, updated 3 years ago)
- OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team… (☆819, Oct 27, 2023, updated 2 years ago)
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing… (☆1,727, Jan 16, 2026, updated last month)
- ☆415, Apr 28, 2021, updated 4 years ago
- UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within of your Red … (☆349, Jul 3, 2022, updated 3 years ago)
- Also known by Microsoft as Knifecoat (☆1,153, Dec 22, 2022, updated 3 years ago)