CheckPointSW / Evasions
Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.
☆386 · Updated 4 months ago
Related projects
Alternatives and complementary repositories for Evasions
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.☆724Updated 3 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆686Updated 8 months ago
- ☆290Updated 3 years ago
- Experiments☆442Updated last month
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.☆417Updated 4 years ago
- My implementation of enSilo's Process Doppelganging (PE injection technique)☆580Updated 2 years ago
- Research on Anti-malware and other related security solutions☆257Updated 4 years ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆685Updated 4 years ago
- Quickly debug shellcode extracted during malware analysis☆565Updated last year
- Collection of malware persistence and hunting information. Be a persistent persistence hunter!☆165Updated 2 months ago
- Dynamic unpacker based on PE-sieve☆658Updated 8 months ago
- Live hunting of code injection techniques☆375Updated 5 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta…☆343Updated 3 weeks ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…☆1,093Updated last year
- Enumerate and disable common sources of telemetry used by AV/EDR.☆770Updated 3 years ago
- ☆462Updated last year
- A modular C2 framework☆398Updated this week
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆631Updated 8 months ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆716Updated 3 years ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆543Updated this week
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆573Updated 6 months ago
- Small and convenient C2 tool for Windows targets. [ Russian -- means fuck off! ]☆566Updated 2 years ago
- ☆798Updated 4 years ago
- Extract Windows Defender database from vdm files and unpack it☆425Updated 4 years ago
- A way to delete a locked file, or current running executable, on disk.☆499Updated 3 months ago
- Just another Windows Process Injection☆389Updated 4 years ago
- Malduck is your ducky companion in malware analysis journeys☆319Updated 5 months ago
- A memory scanning evasion technique☆839Updated 7 years ago
- InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date…☆537Updated 2 years ago