☆106May 15, 2023Updated 2 years ago
Alternatives and similar repositories for Evasion
Users that are interested in Evasion are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆20Apr 17, 2023Updated 3 years ago
- ETW based POC to identify direct and indirect syscalls☆191Apr 19, 2023Updated 3 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- Weaponized HellsGate/SigFlip☆207Jun 7, 2023Updated 2 years ago
- Patching AmsiOpenSession by forcing an error branching☆154Aug 2, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…☆138Mar 3, 2025Updated last year
- Threadless Process Injection using remote function hooking.☆813Sep 4, 2024Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆722Jul 19, 2023Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime☆313Aug 2, 2023Updated 2 years ago
- A RunAs clone with the ability to specify the password as an argument.☆112Jul 2, 2023Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Using fibers to run in-memory code.☆244Oct 19, 2023Updated 2 years ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆237Jun 22, 2023Updated 2 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Native Syscalls Shellcode Injector☆268Jul 2, 2023Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆295Jul 15, 2023Updated 2 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆174Mar 15, 2023Updated 3 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆388Jul 30, 2024Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- ☆111Feb 17, 2025Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- ☆91Jul 18, 2023Updated 2 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆323Aug 2, 2023Updated 2 years ago
- Lifetime AMSI bypass☆673Sep 26, 2023Updated 2 years ago
- Find DLLs with RWX section☆80Jul 3, 2023Updated 2 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆378Jun 13, 2023Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆54Apr 4, 2023Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆135Jan 2, 2023Updated 3 years ago
- ☆48Feb 11, 2023Updated 3 years ago
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆248Aug 2, 2023Updated 2 years ago
- EDRSandblast-GodFault☆271Aug 28, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Go shellcode loader that combines multiple evasion techniques☆388Jun 21, 2023Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now☆73Nov 4, 2025Updated 5 months ago
- Documents Exfiltration project for fun and educational purposes☆144Oct 10, 2023Updated 2 years ago
- Ethical Remote Acces Tool Client and Server for W10 and Linux Persist functionality☆50Feb 12, 2023Updated 3 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆286Jun 8, 2023Updated 2 years ago
- RDPCredentialStealer it's an implant that steal credentials provided by users in RDP using API Hooking with Detours in C++☆267Mar 11, 2026Updated last month
- All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming☆232Oct 8, 2024Updated last year