CheckPointSW / Evasions
The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Each category also provides code samples, signature recommendations and countermeasures for the techniques it describes.
☆433 · Updated last year
Alternatives and similar repositories for Evasions
Users that are interested in Evasions are comparing it to the libraries listed below
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. ☆748 · Updated 3 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs. ☆774 · Updated last year
- Expriments ☆468 · Updated last year
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine. ☆710 · Updated 5 years ago
- My implementation of enSilo's Process Doppelganging (PE injection technique). ☆628 · Updated 3 years ago
- Quickly debug shellcode extracted during malware analysis. ☆615 · Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… ☆667 · Updated last year
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆813 · Updated 4 years ago
- (no description) ☆300 · Updated 4 years ago
- Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposes. ☆190 · Updated 2 months ago
- (no description) ☆768 · Updated last year
- Extract Windows Defender database from vdm files and unpack it. ☆462 · Updated last month
- Extract and Deobfuscate XLM macros (a.k.a. Excel 4.0 Macros). ☆583 · Updated last year
- Dynamic unpacker based on PE-sieve. ☆768 · Updated 3 weeks ago
- (no description) ☆822 · Updated 5 years ago
- Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ] ☆614 · Updated 3 years ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… ☆1,160 · Updated 2 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. ☆426 · Updated 5 years ago
- A way to delete a locked file, or currently running executable, on disk. ☆606 · Updated last month
- Live hunting of code injection techniques. ☆383 · Updated 6 years ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit). ☆822 · Updated 3 years ago
- Research on Anti-malware and other related security solutions. ☆260 · Updated 5 years ago
- (no description) ☆479 · Updated 2 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers. ☆581 · Updated 2 years ago
- Project for identifying executables and DLLs vulnerable to relative path DLL hijacking. ☆476 · Updated last year
- Collection of malware persistence and hunting information. Be a persistent persistence hunter! ☆181 · Updated 2 months ago
- The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab). ☆234 · Updated 9 months ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC). ☆809 · Updated 4 years ago
- A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆658 · Updated 2 years ago
- Skrull is a malware DRM that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t… ☆458 · Updated 3 years ago