☆106May 15, 2023Updated 2 years ago
Alternatives and similar repositories for Evasion
Users that are interested in Evasion are comparing it to the libraries listed below
Sorting:
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆20Apr 17, 2023Updated 2 years ago
- Weaponized HellsGate/SigFlip☆203Jun 7, 2023Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…☆137Mar 3, 2025Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆718Jul 19, 2023Updated 2 years ago
- Threadless Process Injection using remote function hooking.☆810Sep 4, 2024Updated last year
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Patching AmsiOpenSession by forcing an error branching☆154Aug 2, 2023Updated 2 years ago
- Find DLLs with RWX section☆79Jul 3, 2023Updated 2 years ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆240Jun 22, 2023Updated 2 years ago
- Native Syscalls Shellcode Injector☆267Jul 2, 2023Updated 2 years ago
- Documents Exfiltration project for fun and educational purposes☆144Oct 10, 2023Updated 2 years ago
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime☆314Aug 2, 2023Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆112Feb 8, 2025Updated last year
- ☆109Feb 17, 2025Updated last year
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- EDRSandblast-GodFault☆271Aug 28, 2023Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆293Jul 15, 2023Updated 2 years ago
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…☆85Aug 2, 2023Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- A RunAs clone with the ability to specify the password as an argument.☆112Jul 2, 2023Updated 2 years ago
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆322Aug 2, 2023Updated 2 years ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆389Jul 30, 2024Updated last year
- ☆224Oct 22, 2023Updated 2 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆374Jun 13, 2023Updated 2 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆175Mar 15, 2023Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- Automated DLL Sideloading Tool With EDR Evasion Capabilities☆505Dec 19, 2023Updated 2 years ago
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆246Aug 2, 2023Updated 2 years ago
- RunPE implementation with multiple evasive techniques (1)☆382Sep 22, 2023Updated 2 years ago
- Go shellcode loader that combines multiple evasion techniques☆389Jun 21, 2023Updated 2 years ago
- Lifetime AMSI bypass☆672Sep 26, 2023Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago