efchatz / bypassing-av-detection
Bypassing antivirus detection: old-school malware, new tricks
☆67 · May 10, 2023 · Updated 2 years ago
Alternatives and similar repositories for bypassing-av-detection
Users that are interested in bypassing-av-detection are comparing it to the libraries listed below
- Offensive Assembly code snippets. ☆13 · Jul 12, 2023 · Updated 2 years ago
- Tool for obtaining information about PPL processes ☆16 · Feb 12, 2024 · Updated 2 years ago
- Citrix CVE-2023-4966 from assetnote modified for parallel and file handling ☆11 · Oct 25, 2023 · Updated 2 years ago
- This repo is for Windows x32-x64 Kernel/User Mode Exploitation writeups and exploits ☆24 · Oct 20, 2025 · Updated 3 months ago
- Red Team list and cheat sheets ☆11 · Jul 7, 2024 · Updated last year
- x86_64 LKM Linux rootkit ☆16 · Jul 1, 2023 · Updated 2 years ago
- CIA UAC bypass implementation that utilizes an elevated COM object to write to System32 and an auto-elevated process to execute as administr… ☆182 · Feb 2, 2026 · Updated last week
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. ☆17 · Jul 22, 2022 · Updated 3 years ago
- Shellcode loader designed for evasion. Coded in Rust. ☆134 · Mar 5, 2023 · Updated 2 years ago
- ☆86 · Aug 18, 2022 · Updated 3 years ago
- IAT Unhooking proof-of-concept ☆34 · Apr 7, 2024 · Updated last year
- Aggressor script that gets the latest commands from Cobalt Strike's web site and creates an aggressor script based on tool options. ☆22 · Oct 6, 2021 · Updated 4 years ago
- A (WIP) EDR evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust. ☆21 · Dec 15, 2024 · Updated last year
- SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a… ☆75 · May 3, 2024 · Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆104 · Feb 25, 2025 · Updated 11 months ago
- Project developed for fun only that simulates APT 29 and Lockbit TTPs, showcasing phishing, ISO execution, and DLL proxying for persist… ☆61 · May 3, 2024 · Updated last year
- ☆14 · May 14, 2022 · Updated 3 years ago
- rekk is a set of tools written in Rust to obfuscate ELF & PE executables with nanomites. ☆31 · Dec 15, 2024 · Updated last year
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆38 · Aug 5, 2025 · Updated 6 months ago
- This repository implements Threadless Injection in C ☆172 · Dec 23, 2023 · Updated 2 years ago
- A nice process dumping tool ☆82 · Jul 19, 2022 · Updated 3 years ago
- Tool for enumeration & bulk download of sensitive files found in SharePoint environments ☆80 · Apr 2, 2025 · Updated 10 months ago
- RunPE adapted for x64 and written in C, does not use RWX ☆28 · May 18, 2024 · Updated last year
- GrizzlyTunnel is an automation script designed to create seamless Layer 3 VPN-like tunnels over SSH. ☆26 · Dec 18, 2024 · Updated last year
- Apache Superset Auth Bypass (CVE-2023-27524) ☆11 · May 9, 2023 · Updated 2 years ago
- Attack Active Directory Trusts with a single tool ☆14 · Jan 15, 2025 · Updated last year
- Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery; no disk traces, maximum… ☆17 · Jun 12, 2025 · Updated 8 months ago
- EQGRP: Replicating DarkPulsar, a DLL capable of hooking Security Package Method Tables on the Heap! ☆10 · Oct 11, 2020 · Updated 5 years ago
- A lightweight Python tool to analyze PCAP files and generate network traffic reports. It detects traffic patterns, security concerns, and… ☆18 · Sep 25, 2024 · Updated last year
- ☆11 · Aug 25, 2023 · Updated 2 years ago
- Learn WinAPI in this repo with examples, to understand its abstraction in reverse engineering for Windows. ☆11 · Aug 8, 2022 · Updated 3 years ago
- Collection of self-made Red Team tools that have come in handy ☆12 · Aug 25, 2024 · Updated last year
- Cobalt Strike notifications via NTFY. ☆15 · Sep 24, 2024 · Updated last year
- Attempt to use WFP for proxy interception ☆10 · Jan 13, 2019 · Updated 7 years ago
- This PowerShell script applies a memory patch to bypass the Antimalware Scan Interface (AMSI), allowing unrestricted execution of PowerSh… ☆13 · Jun 2, 2024 · Updated last year
- ☆50 · Apr 9, 2025 · Updated 10 months ago
- A collection of PoCs for different injection techniques on Windows! ☆49 · Aug 27, 2023 · Updated 2 years ago
- A red team tool that assists in extracting/dumping master credentials and/or entries from different password managers. ☆785 · Jan 9, 2025 · Updated last year
- Some of the presentations, workshops, and labs I gave at public conferences. ☆34 · Oct 24, 2025 · Updated 3 months ago