some AV / EDR / analysis studies
☆10 · May 21, 2023 · Updated 2 years ago
Alternatives and similar repositories for binarybinarybinary
Users that are interested in binarybinarybinary are comparing it to the libraries listed below
- NTAPI hook bypass with (semi) legit stack trace (☆19 · May 9, 2023 · Updated 2 years ago)
- Tartocitron is a repo to have fun with malwares and the Rust language. This repo provides working examples of dropper written in Rust. (☆11 · May 31, 2022 · Updated 3 years ago)
- Bypassing AV, EDR, Application Whitelisting and ASR Rules (☆13 · Apr 18, 2023 · Updated 2 years ago)
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… (☆16 · Jan 7, 2023 · Updated 3 years ago)
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component (☆11 · Aug 5, 2023 · Updated 2 years ago)
- Attempts to suspend all known AV/EDRs processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pen… (☆13 · May 11, 2023 · Updated 2 years ago)
- EvtPsst (☆55 · Oct 24, 2023 · Updated 2 years ago)
- Enumerate Callbacks and all Object Types (☆16 · Jan 9, 2023 · Updated 3 years ago)
- Source data & analysis of NSA SECONDDATE packet-injection framework (☆11 · Apr 9, 2017 · Updated 8 years ago)
- (no description) (☆15 · Oct 1, 2020 · Updated 5 years ago)
- Indirect Syscall invocation via thread hijacking (☆26 · May 5, 2023 · Updated 2 years ago)
- Rust crate to obfuscate strings and byte arrays so they are not in memory when not in use. (☆19 · Dec 23, 2025 · Updated 2 months ago)
- Massayo is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL (☆64 · Sep 12, 2022 · Updated 3 years ago)
- hy-rs, pronounced high rise, provides a unified and portable to the hypervisor APIs provided by various platforms. (☆20 · Mar 10, 2022 · Updated 3 years ago)
- A thin Rust wrapper around Windows' hardware breakpoints. (☆21 · Jul 14, 2022 · Updated 3 years ago)
- kill AV/EDR (☆21 · Jun 9, 2023 · Updated 2 years ago)
- Detours implementation (x64/x86) which uses only ntdll imports (☆90 · Oct 14, 2025 · Updated 4 months ago)
- powershell script i wrote that can suspend an arbitrary process (with limits) (☆22 · Mar 26, 2023 · Updated 2 years ago)
- rekk is a set of tools written in Rust to obfuscate ELF & PE executables with nanomites. (☆32 · Dec 15, 2024 · Updated last year)
- The WebAssembly Indirect Call Inliner (☆27 · Oct 18, 2023 · Updated 2 years ago)
- Rust port of kdmapper (☆22 · Aug 24, 2021 · Updated 4 years ago)
- silence file system monitoring components by hooking their minifilters (☆60 · Jan 31, 2024 · Updated 2 years ago)
- Donut generator in rust. (☆28 · Feb 17, 2022 · Updated 4 years ago)
- Minifilter Callback Patching Proof-of-Concept (☆74 · Oct 31, 2022 · Updated 3 years ago)
- Bypass using kernel driver (not finished). (☆21 · Apr 30, 2023 · Updated 2 years ago)
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… (☆180 · Feb 10, 2023 · Updated 3 years ago)
- 🚧 C# UAC Bypass technique using mock directories 🚧 (☆28 · Jul 27, 2022 · Updated 3 years ago)
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation (☆31 · Sep 24, 2022 · Updated 3 years ago)
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low… (☆147 · May 6, 2023 · Updated 2 years ago)
- Detect EDR's exceptions by inspecting processes' loaded modules (☆130 · Mar 15, 2024 · Updated last year)
- A payload delivery system which embeds payloads in an executable's icon file! (☆73 · Jan 26, 2024 · Updated 2 years ago)
- Load DLLs from memory with rust (☆144 · May 9, 2022 · Updated 3 years ago)
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules (☆43 · May 6, 2023 · Updated 2 years ago)
- 🧪 The versatile and intuitive memory hacking framework. (☆29 · Jan 12, 2023 · Updated 3 years ago)
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. (☆41 · Jul 9, 2023 · Updated 2 years ago)
- MiniDump a process in memory with rust (☆37 · Jun 20, 2021 · Updated 4 years ago)
- A tool to find folders excluded from AV real-time scanning using a time oracle (☆233 · Feb 13, 2024 · Updated 2 years ago)
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package (☆35 · Mar 28, 2023 · Updated 2 years ago)
- (no description) (☆12 · Feb 4, 2025 · Updated last year)