brosck/Awesome-AV-EDR-XDR-Bypass external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

brosck/Awesome-AV-EDR-XDR-Bypass

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/brosck/Awesome-AV-EDR-XDR-Bypass)

Close

brosck / Awesome-AV-EDR-XDR-BypassView on GitHubMore

• External links
• Readme badge

Awesome AV/EDR/XDR Bypass Tips

☆287Apr 23, 2023Updated 3 years ago

Alternatives and similar repositories for Awesome-AV-EDR-XDR-Bypass

Users that are interested in Awesome-AV-EDR-XDR-Bypass are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• brosck / Condor

  View on GitHub
  「🛡️」AVs/EDRs Evasion tool
  ☆104Dec 7, 2024Updated last year
• ferreiraklet / wolfy

  View on GitHub
  Wolfy AV Bypasser
  ☆31Feb 8, 2023Updated 3 years ago
• tkmru / awesome-edr-bypass

  View on GitHub
  Awesome EDR Bypass Resources For Ethical Hacking
  ☆1,522Jan 26, 2026Updated 3 months ago
• Haunted-Banshee / ErebusGate

  View on GitHub
  ErebusGate for Nim Bypass AV/EDR
  ☆160Nov 7, 2022Updated 3 years ago
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆306Sep 28, 2022Updated 3 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• brosck / Metafind

  View on GitHub
  「📖」Tool created to extract metadata from a domain
  ☆14Dec 7, 2024Updated last year
• MaorSabag / TrueSightKiller

  View on GitHub
  CPP AV/EDR Killer
  ☆482Nov 28, 2023Updated 2 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆796Jan 26, 2026Updated 3 months ago
• trickster0 / TartarusGate

  View on GitHub
  TartarusGate, Bypassing EDRs
  ☆663Jan 25, 2022Updated 4 years ago
• brosck / L1LKiller

  View on GitHub
  「⚠️」Performing a BYOVD on the truesight.sys driver
  ☆45Dec 7, 2024Updated last year
• NVISOsecurity / CobaltWhispers

  View on GitHub
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆242Jan 4, 2023Updated 3 years ago
• enkomio / BrokenFlow

  View on GitHub
  A simple PoC to invoke an encrypted shellcode by using an hidden call
  ☆115Nov 19, 2022Updated 3 years ago
• matro7sh / BypassAV

  View on GitHub
  This map lists the essential techniques to bypass anti-virus and EDR
  ☆3,255Mar 28, 2025Updated last year
• ZeroMemoryEx / Terminator

  View on GitHub
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆1,056Jun 20, 2023Updated 2 years ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• AmoloHT / CVE-2022-33891

  View on GitHub
  「💥」CVE-2022-33891 - Apache Spark Command Injection
  ☆25Aug 1, 2022Updated 3 years ago
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,325Dec 7, 2023Updated 2 years ago
• georgesotiriadis / Chimera

  View on GitHub
  Automated DLL Sideloading Tool With EDR Evasion Capabilities
  ☆507Dec 19, 2023Updated 2 years ago
• wikiZ / RedGuard

  View on GitHub
  RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.
  ☆1,567Aug 20, 2024Updated last year
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆431Feb 11, 2024Updated 2 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆223Nov 5, 2021Updated 4 years ago
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆603Jan 5, 2025Updated last year
• CryptoBreach / UnhookPoC

  View on GitHub
  A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.
  ☆10Dec 16, 2021Updated 4 years ago
• Cracked5pider / Stardust

  View on GitHub
  A modern 32/64-bit position independent implant template
  ☆1,326Mar 21, 2025Updated last year
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆380Apr 19, 2023Updated 3 years ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆612May 2, 2026Updated last week
• Wra7h / FlavorTown

  View on GitHub
  Various ways to execute shellcode
  ☆511Mar 13, 2024Updated 2 years ago
• 0xsp-SRD / mortar

  View on GitHub
  evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
  ☆1,503Dec 21, 2023Updated 2 years ago
• zha0gongz1 / iscsicpl_bypassUAC

  View on GitHub
  UAC bypass for x64 Windows 7 - 11（无弹窗版）
  ☆281Sep 5, 2022Updated 3 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,633Jul 31, 2024Updated last year
• Octoberfest7 / EventViewerUAC_BOF

  View on GitHub
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆133May 6, 2022Updated 4 years ago
• redteamsocietegenerale / DLLirant

  View on GitHub
  DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
  ☆499Nov 29, 2022Updated 3 years ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,199Oct 16, 2023Updated 2 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• Kudaes / EPI

  View on GitHub
  Threadless Process Injection through entry point hijacking
  ☆353Sep 10, 2024Updated last year
• seventeenman / CallBackDump

  View on GitHub
  dump lsass进程工具
  ☆562Jul 20, 2023Updated 2 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆673Dec 23, 2022Updated 3 years ago
• am0nsec / HellsGate

  View on GitHub
  Original C Implementation of the Hell's Gate VX Technique
  ☆1,180Jun 28, 2021Updated 4 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆514Aug 14, 2022Updated 3 years ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆625Sep 26, 2023Updated 2 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,386Oct 27, 2023Updated 2 years ago