The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Each category also provides code samples, signature recommendations and countermeasures for the techniques it describes.
☆444 · Mar 31, 2026 · Updated last month
Alternatives and similar repositories for Evasions
Users interested in Evasions are comparing it to the repositories listed below.
- InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date… (☆590 · Mar 31, 2026 · Updated last month)
- Anti-Debug encyclopedia contains methods used by malware to verify if they are executed under debugging. It includes the description of v… (☆67 · Mar 31, 2026 · Updated last month)
- A more stealthy variant of "DLL hollowing" (☆365 · Mar 8, 2024 · Updated 2 years ago)
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/ (☆31 · Feb 26, 2024 · Updated 2 years ago)
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. (☆759 · Nov 16, 2021 · Updated 4 years ago)
- MSBuild without MSBuild.exe (☆135 · Dec 21, 2020 · Updated 5 years ago)
- Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll (☆503 · Feb 3, 2022 · Updated 4 years ago)
- Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. (☆6,933 · Apr 1, 2026 · Updated last month)
- Small and convenient C2 tool for Windows targets (☆614 · Mar 8, 2022 · Updated 4 years ago)
- A shellcode function to encrypt a running process image when sleeping. (☆338 · Sep 11, 2021 · Updated 4 years ago)
- ☆110 · May 14, 2018 · Updated 7 years ago
- Collection of beacon BOFs written to learn Windows and Cobalt Strike (☆363 · Feb 24, 2023 · Updated 3 years ago)
- SysWhispers on Steroids - AV/EDR evasion via direct system calls. (☆1,622 · Jul 31, 2024 · Updated last year)
- UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red … (☆349 · Jul 3, 2022 · Updated 3 years ago)
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… (☆1,197 · Jul 5, 2023 · Updated 2 years ago)
- Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and spoofed parent process (☆230 · Jul 30, 2020 · Updated 5 years ago)
- Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust. (☆935 · Jun 1, 2021 · Updated 4 years ago)
- Open-Source Shellcode & PE Packer (☆2,094 · Feb 3, 2024 · Updated 2 years ago)
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript (☆347 · Sep 1, 2021 · Updated 4 years ago)
- Evasive shellcode loader for bypassing event-based injection detection (PoC) (☆826 · Aug 23, 2021 · Updated 4 years ago)
- AV/EDR evasion via direct system calls. (☆2,008 · Jan 1, 2023 · Updated 3 years ago)
- Adaptive DLL hijacking / dynamic export forwarding (☆816 · Jul 6, 2020 · Updated 5 years ago)
- C/C++ source obfuscator for antivirus bypass (☆1,067 · Mar 10, 2022 · Updated 4 years ago)
- AMSI Bypass Via the Heap (☆107 · Nov 20, 2020 · Updated 5 years ago)
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). (☆219 · Mar 5, 2020 · Updated 6 years ago)
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing… (☆1,755 · Jan 16, 2026 · Updated 3 months ago)
- A simple COM server which provides a component to run shellcode (☆144 · May 12, 2020 · Updated 5 years ago)
- ☆827 · Dec 28, 2019 · Updated 6 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique (☆337 · Jan 16, 2022 · Updated 4 years ago)
- A PowerShell script to prevent Sysmon from writing its events (☆17 · Apr 23, 2020 · Updated 6 years ago)
- Tool to create hidden registry keys. (☆488 · Oct 23, 2019 · Updated 6 years ago)
- A technique of hiding malicious shellcode via Shannon encoding. (☆271 · Oct 23, 2022 · Updated 3 years ago)
- Enumerate and disable common sources of telemetry used by AV/EDR. (☆848 · Mar 11, 2021 · Updated 5 years ago)
- Also known by Microsoft as Knifecoat (☆1,148 · Dec 22, 2022 · Updated 3 years ago)
- Tool for interacting with Outlook interop during red team engagements (☆146 · Jun 29, 2021 · Updated 4 years ago)
- AV/EDR evasion via direct system calls. (☆1,813 · Sep 3, 2022 · Updated 3 years ago)
- Red Team C code repo (☆573 · Dec 16, 2024 · Updated last year)
- LSASS memory dumper using direct system calls and API unhooking. (☆1,580 · Jan 5, 2021 · Updated 5 years ago)
- Evade Sysmon and Windows event logging (☆624 · Apr 8, 2020 · Updated 6 years ago)