Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
☆31Jan 14, 2023Updated 3 years ago
Alternatives and similar repositories for evasion-adventures-files
Users that are interested in evasion-adventures-files are comparing it to the libraries listed below
Sorting:
- This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built i…☆36Jan 15, 2022Updated 4 years ago
- ☆11Nov 12, 2023Updated 2 years ago
- EDR/AV Simulation for Malware Development☆13Oct 21, 2023Updated 2 years ago
- Create Cobalt Strike malleable C2 profiles with HTTPS configs☆18May 23, 2020Updated 5 years ago
- MalDev & AV-EDR Evasion for Pentesters☆20Feb 17, 2023Updated 3 years ago
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc…☆55May 8, 2023Updated 2 years ago
- Exploits written while preparing for the OSED exam☆26Apr 30, 2024Updated last year
- Techniques that i have used to evade anti-virus during pen tests.☆13May 29, 2018Updated 7 years ago
- Scripts for public use that we've randomly written, or have updated from other people's work.☆40Jun 25, 2024Updated last year
- string/file/shellcode encryptor using AES/XOR☆11Oct 15, 2023Updated 2 years ago
- Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV☆26Sep 26, 2022Updated 3 years ago
- Modified versions of the Cobalt Strike Process Injection Kit☆106Jan 24, 2024Updated 2 years ago
- ☆36Feb 12, 2026Updated 3 weeks ago
- Bypassing AV, EDR, Application Whitelisting and ASR Rules☆13Apr 18, 2023Updated 2 years ago
- Small and highly portable detection tests.☆12Oct 12, 2017Updated 8 years ago
- Remote Desktop Protocol .NET Console Application for Authenticated Command Execution☆12Jan 21, 2020Updated 6 years ago
- Proxy function calls through the thread pool with ease☆31Feb 27, 2025Updated last year
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution☆51Apr 22, 2024Updated last year
- ☆50Dec 15, 2025Updated 2 months ago
- Scripts to help automate tedious red teaming enumeration and tasks.☆17Mar 23, 2020Updated 5 years ago
- Cobalt Strike Aggressor script create for RTO☆16Apr 11, 2024Updated last year
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆16Jan 7, 2023Updated 3 years ago
- a simple powershell wrapper to automate checking a user's access around the network☆13Dec 5, 2023Updated 2 years ago
- This script was developped to assist in SpearPhishing campaign during Red Team operations. It can be used to generate random name based o…☆13Feb 6, 2023Updated 3 years ago
- Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations☆12Dec 9, 2022Updated 3 years ago
- AMSI detection PoC☆31Apr 14, 2020Updated 5 years ago
- IAT Unhooking proof-of-concept☆34Apr 7, 2024Updated last year
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- Collection of scripts that I created to make my life easier.☆12May 10, 2021Updated 4 years ago
- The purpose of this tool is to collect all the subdomains using different subdomain finder tools and then filter out those subdomains whi…☆15Nov 21, 2022Updated 3 years ago
- Research of modifying exported function names at runtime (C/C++, Windows)☆18May 28, 2024Updated last year
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…☆18Oct 31, 2024Updated last year
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆17Mar 4, 2023Updated 3 years ago
- Direct syscalls Injection to bypass AV/EDR☆11May 18, 2024Updated last year
- A Docker container used to easily compile Nim binaries generated by my tools (NimPackt and NimPlant)☆16Aug 31, 2023Updated 2 years ago
- a bunch of malware in all platform, some maybe not work, this code for some study case or for knowledge. for information about malware yo…☆14Jan 29, 2021Updated 5 years ago
- Exploring different process injection techniques based on malware analysis☆14Dec 28, 2023Updated 2 years ago
- C2Matrix Automation☆15Sep 10, 2023Updated 2 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.☆85May 7, 2023Updated 2 years ago