huoji120 / awesome_anti_virus_engine
about how to make an anti-virus engine
☆106 · May 22, 2025 · Updated 8 months ago
Alternatives and similar repositories for awesome_anti_virus_engine
Users that are interested in awesome_anti_virus_engine are comparing it to the libraries listed below
- Reproduction of "EDR's Nightmare: Storm-0978 Uses the New Kernel Injection Technique 'Step Bear'" ☆161 · Oct 27, 2024 · Updated last year
- defender_database ☆24 · Oct 31, 2023 · Updated 2 years ago
- UC-based heuristic anti-virus engine [not yet finished] ☆35 · Mar 28, 2021 · Updated 4 years ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs ☆106 · Sep 4, 2025 · Updated 5 months ago
- x86-x64 Packer with Portable Executable compatibility. ☆101 · Dec 15, 2025 · Updated 2 months ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆69 · Oct 10, 2025 · Updated 4 months ago
- A modern C++20 header-only library for advanced direct system call invocation. ☆165 · Jan 17, 2026 · Updated last month
- Online security-software identification ☆12 · Aug 6, 2025 · Updated 6 months ago
- doesn't work and won't work on it anymore ☆10 · Jul 8, 2024 · Updated last year
- (no description) ☆17 · Jun 16, 2025 · Updated 8 months ago
- A ShellcodeLoader framework newly developed in 2025: a modular shellcode loader framework for analysing AV detection strategies, with very strong static obfuscation capabilities. ☆24 · Jul 7, 2025 · Updated 7 months ago
- User-mode hooking implemented with Intel virtualization features ☆65 · Sep 11, 2025 · Updated 5 months ago
- Охотник (Hunter) is a simple Adversary Simulation tool developed to achieve stealth through API unhooking, direct and indirect syscalls… ☆91 · Apr 23, 2025 · Updated 9 months ago
- (no description) ☆59 · Oct 17, 2024 · Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials ☆54 · May 12, 2025 · Updated 9 months ago
- Disable the file and registry protection of malicious drivers ☆14 · Jun 28, 2022 · Updated 3 years ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found … ☆12 · Apr 21, 2025 · Updated 9 months ago
- Extracted Yara rules from Windows Defender mpavbase and mpasbase ☆494 · Dec 22, 2025 · Updated last month
- Self Cleanup in post-ex job ☆59 · Sep 10, 2024 · Updated last year
- Universal detection of backdoors that use the AV-evasion technique of patching malicious code into whitelisted files ☆181 · Aug 3, 2024 · Updated last year
- An implementation of an indirect system call ☆132 · Aug 25, 2023 · Updated 2 years ago
- vehsyscall: a syscall project that may bypass EDR ☆62 · Mar 1, 2024 · Updated last year
- Stack integrity verification to Detect SleepMask or CallStack Spoofer ☆53 · Jul 13, 2025 · Updated 7 months ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD ☆28 · Jan 4, 2024 · Updated 2 years ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules ☆142 · Updated this week
- Playing Snake inside memory analysis ☆16 · Jan 13, 2024 · Updated 2 years ago
- libdt is part of the "Huorong eXtendible Stream Scan Engine" project copyright by Huorong Borui (Beijing) Technology Co., Ltd. ☆14 · Aug 17, 2015 · Updated 10 years ago
- Blue-team incident response tools ☆541 · Jun 10, 2024 · Updated last year
- Emulate Drivers in RING3 with self context mapping or unicorn ☆32 · Dec 31, 2024 · Updated last year
- Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThrea… ☆1,289 · Jun 21, 2024 · Updated last year
- 巨硬 (Chinese slang nickname for Microsoft) ☆17 · Oct 4, 2023 · Updated 2 years ago
- A series of methods used to detect kernel shellcode for tencent game safe race 2024 ☆45 · Apr 22, 2024 · Updated last year
- beta ☆120 · Sep 24, 2024 · Updated last year
- (no description) ☆34 · Apr 11, 2023 · Updated 2 years ago
- (no description) ☆19 · Oct 25, 2024 · Updated last year
- can convert EXE/DLL into position-independent shellcode ☆40 · Feb 1, 2026 · Updated 2 weeks ago
- Linker for Beacon Object Files ☆154 · Updated this week
- D810-ng (Next Generation) is an updated, tested, refactored, and optimized IDA Pro plugin used to deobfuscate code at decompilation time … ☆104 · Updated this week
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆718 · Jul 19, 2023 · Updated 2 years ago