Direct syscalls Injection to bypass AV/EDR
☆11 · May 18, 2024 · Updated last year
Alternatives and similar repositories for on-disk-detection-bypass
Users that are interested in on-disk-detection-bypass are comparing it to the libraries listed below.
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆28 · Sep 18, 2024 · Updated last year
- A tool to assist DLL hijacking via the Havoc GUI ☆13 · Jan 9, 2024 · Updated 2 years ago
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu… ☆42 · May 18, 2024 · Updated last year
- BloodyAv is Custom Shell Code loader to Bypass Av and Edr. ☆14 · Mar 21, 2022 · Updated 4 years ago
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures — ideal for EDR testing, behavior-… ☆24 · Jan 17, 2026 · Updated 2 months ago
- Process injection via KernelCallbackTable ☆13 · Jan 28, 2022 · Updated 4 years ago
- Bypass Malware Time Delays ☆107 · Sep 23, 2022 · Updated 3 years ago
- ☆19 · Sep 1, 2025 · Updated 6 months ago
- Bypass Windows defender syscall ☆18 · Jul 17, 2021 · Updated 4 years ago
- string/file/shellcode encryptor using AES/XOR ☆11 · Oct 15, 2023 · Updated 2 years ago
- Beacon Object File implementation of Yaxser's Backstab ☆15 · Mar 9, 2022 · Updated 4 years ago
- Example of async client/server sockets in .NET 5 ☆17 · Jun 9, 2021 · Updated 4 years ago
- Transparently call NTAPI via Halo's Gate with indirect syscalls. ☆15 · Apr 26, 2024 · Updated last year
- Using syscall to load shellcode, Evasion techniques ☆27 · Jul 18, 2021 · Updated 4 years ago
- Malware persistence via COM DLL hijacking. C++ implementation example ☆13 · May 2, 2022 · Updated 3 years ago
- Another Portable Executable files analysing stuff ☆21 · May 28, 2011 · Updated 14 years ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) ☆50 · May 8, 2024 · Updated last year
- ☆64 · Jan 2, 2024 · Updated 2 years ago
- NimReflectiveLoader is a Nim-based tool for in-memory DLL execution using Reflective DLL Loading. ☆31 · Jan 21, 2024 · Updated 2 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆290 · May 27, 2024 · Updated last year
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u… ☆54 · Apr 10, 2022 · Updated 3 years ago
- A Multilayered AV/EDR Evasion Framework and AV Testing Tool. ☆18 · Jun 28, 2025 · Updated 8 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆46 · Jul 16, 2023 · Updated 2 years ago
- Collection of Offensive C# Tooling ☆13 · Nov 4, 2021 · Updated 4 years ago
- LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) … ☆12 · Jul 19, 2020 · Updated 5 years ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago
- Windows process injection methods ☆19 · Jul 18, 2021 · Updated 4 years ago
- Bypassing AV, EDR, Application Whitelisting and ASR Rules ☆13 · Apr 18, 2023 · Updated 2 years ago
- MalDev & AV-EDR Evasion for Pentesters ☆20 · Feb 17, 2023 · Updated 3 years ago
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission… ☆18 · Oct 31, 2024 · Updated last year
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures" ☆31 · Jan 14, 2023 · Updated 3 years ago
- Rust crate to parse user-mode minidump files generated on Windows ☆18 · Nov 17, 2025 · Updated 4 months ago
- GDB TCP protocol proxy to inject/hooks GDB client requests to the target. ☆18 · Apr 17, 2020 · Updated 5 years ago
- Develop macOS apps on Windows with seamless cross-platform tools. ☆16 · Jun 5, 2025 · Updated 9 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… ☆16 · Jan 7, 2023 · Updated 3 years ago
- some AV / EDR / analysis studies ☆10 · May 21, 2023 · Updated 2 years ago
- Bunch of BOF files ☆40 · Jun 30, 2025 · Updated 8 months ago
- Use hardware breakpoint to dynamically change SSN in run-time ☆280 · Apr 10, 2024 · Updated last year
- Beacon Object File PoC implementation of KillDefender ☆235 · Apr 12, 2022 · Updated 3 years ago