Hackmosphere / DefenderBypassLinks
A guide to learning antivirus evasion
☆55Updated 7 months ago
Alternatives and similar repositories for DefenderBypass
Users that are interested in DefenderBypass are comparing it to the libraries listed below
Sorting:
- Ghosting-AMSI☆219Updated 6 months ago
- Null-AMSI is an AMSI and ETW bypass that takes advantage of .NET types (.NET Reflection) to bypassing AV/EDR.☆78Updated 4 months ago
- RunPE implementation with multiple evasive techniques☆229Updated last month
- C# AV/EDR Killer using less-known driver (BYOVD)☆180Updated last year
- ☆161Updated 7 months ago
- This repo is for the youtube video where we have explained how to make a detectable reverse shell undetectable by windows defender☆27Updated last year
- NukeAMSI is a powerful tool designed to neutralize the Antimalware Scan Interface (AMSI) in Windows environments.☆169Updated last week
- Execute commands interactively on remote Windows machines using the WinRM protocol☆270Updated last week
- A script to generate AV evaded(static) DLL shellcode loader with AES encryption.☆137Updated 7 months ago
- Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testin…☆118Updated 4 months ago
- Generate an Alphabetical Polymorphic Shellcode☆130Updated 2 months ago
- A PoC for Early Cascade process injection technique.☆198Updated 9 months ago
- ☆184Updated 4 months ago
- A powerful, modular, lightweight and efficient command & control framework written in Nim.☆207Updated this week
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆156Updated 3 months ago
- Dynamic shellcode loader with sophisticated evasion capabilities☆246Updated last month
- Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.☆388Updated last week
- An Ansible role that install the Adaptix C2 server and/or client on Debian based hosts☆169Updated 5 months ago
- The different ways to dump lsass☆193Updated 2 months ago
- SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.☆346Updated last month
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆197Updated 2 years ago
- Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …☆218Updated last year
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆259Updated last year
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆317Updated last year
- "AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS☆307Updated last month
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆255Updated 6 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆209Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆239Updated last month
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆154Updated last year
- RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging☆203Updated 7 months ago