bolonobolo / av_evasionLinks
☆22Updated 4 years ago
Alternatives and similar repositories for av_evasion
Users that are interested in av_evasion are comparing it to the libraries listed below
Sorting:
- ☆18Updated 4 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Updated 4 years ago
- Extended Process List (Search functionality)☆29Updated 4 years ago
- Injects shellcode into remote processes using direct syscalls☆77Updated 5 years ago
- all credits go to @mgeeky☆64Updated 4 years ago
- Executes shellcode from a remote server and aims to evade in-memory scanners☆32Updated 6 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 5 years ago
- ☆51Updated 5 years ago
- A more advanced free and open .NET obfuscator using dnlib.☆10Updated 3 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆79Updated 5 years ago
- C++ implant that interfaces with a SK8PARK server☆49Updated 4 years ago
- I used this to see if an EDR is running in Safe Mode☆36Updated 4 years ago
- C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.☆37Updated 4 years ago
- Syscall BOF to arbitrarily add/detract process token privilege rights.☆61Updated last year
- LoadLibrary for offensive operations☆33Updated 4 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆34Updated 5 years ago
- A C port of b33f's UrbanBishop☆38Updated 5 years ago
- Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019☆59Updated 4 years ago
- A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/☆31Updated last year
- Tool to manage user privileges☆31Updated 6 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Updated 3 years ago
- A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.☆19Updated 4 years ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆28Updated 4 years ago
- This is a 64 bit VBA implementation of Christophe Tafani-Dereeper's original VBA code described in his blog @ https://blog.christophetd.f…☆21Updated 5 years ago
- Loads .NET Assembly Via CLR Loader☆17Updated 6 years ago
- A simple COM server which provides a component to run shellcode☆148Updated 5 years ago
- My experience using Windows API for offensive purposes☆17Updated 4 years ago
- C# wrapper for ligolo☆17Updated 4 years ago
- AmsiHook is a project I created to figure out a bypass to AMSI via function hooking.☆67Updated 5 years ago
- Out-of-the-Box Tool to Obfuscate Excel XLS. Include Obfuscation & Hide for Cell Labels & BoundSheets☆48Updated 4 years ago