Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
☆31 · Jan 14, 2023 · Updated 3 years ago
Alternatives and similar repositories for evasion-adventures-files
Users that are interested in evasion-adventures-files are comparing it to the libraries listed below.
- This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built i… ☆36 · Jan 15, 2022 · Updated 4 years ago
- ☆19 · May 22, 2024 · Updated 2 years ago
- EDR/AV Simulation for Malware Development ☆13 · Oct 21, 2023 · Updated 2 years ago
- ☆12 · Nov 12, 2023 · Updated 2 years ago
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc… ☆55 · May 8, 2023 · Updated 3 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… ☆16 · Jan 7, 2023 · Updated 3 years ago
- Bypassing AV, EDR, Application Whitelisting and ASR Rules ☆13 · Apr 18, 2023 · Updated 3 years ago
- Exploits written while preparing for the OSED exam ☆27 · Apr 30, 2024 · Updated 2 years ago
- Scripts for public use that we've randomly written, or have updated from other people's work. ☆40 · Jun 25, 2024 · Updated 2 years ago
- Modified versions of the Cobalt Strike Process Injection Kit ☆108 · Jan 24, 2024 · Updated 2 years ago
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution ☆51 · Apr 22, 2024 · Updated 2 years ago
- Proxy function calls through the thread pool with ease ☆31 · Feb 27, 2025 · Updated last year
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission… ☆18 · Oct 31, 2024 · Updated last year
- MalDev & AV-EDR Evasion for Pentesters ☆20 · Feb 17, 2023 · Updated 3 years ago
- Create Cobalt Strike malleable C2 profiles with HTTPS configs ☆18 · May 23, 2020 · Updated 6 years ago
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure … ☆20 · Mar 6, 2025 · Updated last year
- Direct syscalls Injection to bypass AV/EDR ☆11 · May 18, 2024 · Updated 2 years ago
- Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV ☆26 · Sep 26, 2022 · Updated 3 years ago
- string/file/shellcode encryptor using AES/XOR ☆11 · Oct 15, 2023 · Updated 2 years ago
- Firefox webInjector capable of injecting codes into webpages using a mitmproxy. ☆42 · Oct 30, 2022 · Updated 3 years ago
- A BOF for lazy people ☆25 · Apr 4, 2024 · Updated 2 years ago
- BOF with Synthetic Stackframe ☆251 · Oct 30, 2025 · Updated 8 months ago
- Research of modifying exported function names at runtime (C/C++, Windows) ☆18 · May 28, 2024 · Updated 2 years ago
- Exploring different process injection techniques based on malware analysis ☆14 · Dec 28, 2023 · Updated 2 years ago
- Transparently call NTAPI via Halo's Gate with indirect syscalls. ☆13 · Apr 26, 2024 · Updated 2 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low… ☆147 · May 6, 2023 · Updated 3 years ago
- Obfuscate payloads using IPv4, IPv6, MAC or UUID strings ☆24 · Feb 17, 2024 · Updated 2 years ago
- A BOF toolset for use in Cobalt Strike; a curated collection of BOFs that have been verified to work well. ☆17 · Sep 30, 2021 · Updated 4 years ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader ☆46 · Sep 25, 2024 · Updated last year
- Command line & PPID spoofing ☆31 · Apr 15, 2023 · Updated 3 years ago
- ☆50 · Dec 15, 2025 · Updated 6 months ago
- List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly ☆61 · May 24, 2022 · Updated 4 years ago
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer ☆18 · Mar 4, 2023 · Updated 3 years ago
- A simple PowerShell wrapper to automate checking a user's access around the network ☆13 · Dec 5, 2023 · Updated 2 years ago
- Frida-based script which automates the process of discovering and exploiting DLL Hijacks in target binaries. The discovered binaries can … ☆61 · Apr 18, 2023 · Updated 3 years ago
- Techniques that I have used to evade anti-virus during pen tests. ☆13 · May 29, 2018 · Updated 8 years ago
- Process hollowing injection technique for Red Team operations ☆18 · Sep 18, 2023 · Updated 2 years ago
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from an unprivileged user ☆41 · Aug 15, 2024 · Updated last year
- Cobalt Strike Aggressor script created for RTO ☆16 · Apr 11, 2024 · Updated 2 years ago