Bypassing AV, EDR, Application Whitelisting and ASR Rules
☆13Apr 18, 2023Updated 2 years ago
Alternatives and similar repositories for DefenseEvasion
Users that are interested in DefenseEvasion are comparing it to the libraries listed below
Sorting:
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- ☆13Apr 8, 2022Updated 3 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆16Jan 7, 2023Updated 3 years ago
- IOCTL-Flooder is a verbose tool designed to help with Windows driver fuzzing by brute forcing IOCTLs on loaded drivers. GetLastError is u…☆11Aug 21, 2018Updated 7 years ago
- some AV / EDR / analysis studies☆10May 21, 2023Updated 2 years ago
- ☆11Feb 12, 2023Updated 3 years ago
- A different approach to writing BOFs in rust.☆19Aug 20, 2025Updated 6 months ago
- Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…☆34Feb 2, 2026Updated last month
- Transparently call NTAPI via Halo's Gate with indirect syscalls.☆15Apr 26, 2024Updated last year
- BoltWire v6.03 vulnerable to "Improper Access Control"☆13Oct 31, 2023Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Jul 12, 2024Updated last year
- Red Team Operation's Defense Evasion Technique.☆56Jun 4, 2024Updated last year
- MiniDump a process in memory with rust☆37Jun 20, 2021Updated 4 years ago
- ☆14Oct 25, 2019Updated 6 years ago
- Purple Team Dropper generator using open source templates.☆17May 23, 2024Updated last year
- impersonate trustedinstaller by fiddling with tokens☆17Aug 30, 2021Updated 4 years ago
- RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to ea…☆23Jan 21, 2024Updated 2 years ago
- Structured CSVs and table schemas extracted from the 29-April-2025 LockBit affiliate-panel database leak.☆28May 8, 2025Updated 9 months ago
- ErebusGate for Nim Bypass AV/EDR☆162Nov 7, 2022Updated 3 years ago
- A mechanism that trampoline hooks functions in x86/x64 systems.☆21Oct 9, 2024Updated last year
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- Loading and executing shellcode in C# without PInvoke.☆22Jan 10, 2022Updated 4 years ago
- Persistence via Shell Extensions☆64Aug 4, 2023Updated 2 years ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 10 months ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆89Jul 7, 2022Updated 3 years ago
- kill AV/EDR☆21Jun 9, 2023Updated 2 years ago
- Event Tracing for Windows EDR bypass in Rust (usermode)☆39Jun 9, 2024Updated last year
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆24Jul 5, 2023Updated 2 years ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆88Feb 11, 2024Updated 2 years ago
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).☆90Nov 23, 2022Updated 3 years ago
- A cross-platform remote administration tool written in Java☆19Aug 26, 2020Updated 5 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- EvtPsst☆55Oct 24, 2023Updated 2 years ago
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"☆31Jan 14, 2023Updated 3 years ago
- HVNC based on RustDesk☆109May 1, 2024Updated last year
- The Web UI for Antnium☆27Jun 14, 2022Updated 3 years ago