lab52io/StopDefender

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/lab52io/StopDefender)

lab52io / StopDefender

Stop Windows Defender programmatically

☆993

Alternatives and similar repositories for StopDefender

Users that are interested in StopDefender are comparing it to the libraries listed below

Sorting:

pwn1sher / KillDefender
View on GitHub
A small POC to make defender useless by removing its token privileges and lowering the token integrity
☆689Jun 28, 2022Updated 3 years ago
boku7 / BokuLoader
View on GitHub
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
☆1,401Nov 22, 2023Updated 2 years ago
Yaxser / Backstab
View on GitHub
A tool to kill antimalware protected processes
☆1,506Jun 19, 2021Updated 4 years ago
fortra / nanodump
View on GitHub
The swiss army knife of LSASS dumping
☆2,081Sep 17, 2024Updated last year
CCob / SharpBlock
View on GitHub
A method of bypassing EDR's active projection DLL's by preventing entry point exection
☆1,162Mar 31, 2021Updated 4 years ago
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,008Jun 4, 2024Updated last year
itm4n / PPLdump
View on GitHub
Dump the memory of a PPL with a userland exploit
☆888Jul 24, 2022Updated 3 years ago
mai1zhi2 / SharpBeacon
View on GitHub
CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
☆730Sep 1, 2021Updated 4 years ago
jthuraisamy / SysWhispers2
View on GitHub
AV/EDR evasion via direct system calls.
☆1,797Sep 3, 2022Updated 3 years ago
RedCursorSecurityConsulting / PPLKiller
View on GitHub
Tool to bypass LSA Protection (aka Protected Process Light)
☆989Dec 4, 2022Updated 3 years ago
S3cur3Th1sSh1t / MultiPotato
View on GitHub
☆538Nov 20, 2021Updated 4 years ago
kyleavery / inject-assembly
View on GitHub
Inject .NET assemblies into an existing process
☆507Jan 19, 2022Updated 4 years ago
cube0x0 / noPac
View on GitHub
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
☆1,397Dec 16, 2021Updated 4 years ago
nettitude / RunPE
View on GitHub
C# Reflective loader for unmanaged binaries.
☆446Jan 25, 2023Updated 3 years ago
APTortellini / unDefender
View on GitHub
Killing your preferred antimalware by abusing native symbolic links and NT paths.
☆359Jan 29, 2022Updated 4 years ago
wavestone-cdt / EDRSandblast
View on GitHub
☆1,793Aug 30, 2024Updated last year
klezVirus / SysWhispers3
View on GitHub
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
☆1,601Jul 31, 2024Updated last year
optiv / Mangle
View on GitHub
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
☆1,229Aug 18, 2023Updated 2 years ago
janoglezcampos / DeathSleep
View on GitHub
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
☆535Aug 1, 2022Updated 3 years ago
Kudaes / Elevator
View on GitHub
UAC bypass by abusing RPC and debug objects.
☆628Oct 19, 2023Updated 2 years ago
Mr-Un1k0d3r / EDRs
View on GitHub
☆2,173Feb 21, 2023Updated 3 years ago
mgeeky / ThreadStackSpoofer
View on GitHub
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
☆1,203Jun 17, 2022Updated 3 years ago
daem0nc0re / TangledWinExec
View on GitHub
PoCs and tools for investigation of Windows process execution techniques
☆954Feb 2, 2026Updated last month
hlldz / RefleXXion
View on GitHub
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
☆500Jan 25, 2022Updated 4 years ago
rad9800 / TamperingSyscalls
View on GitHub
☆511Aug 14, 2022Updated 3 years ago
hasherezade / process_ghosting
View on GitHub
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
☆686Mar 11, 2024Updated 2 years ago
med0x2e / SigFlip
View on GitHub
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
☆1,260Aug 27, 2023Updated 2 years ago
hackerhouse-opensource / iscsicpl_bypassUAC
View on GitHub
UAC bypass for x64 Windows 7 - 11
☆833Feb 2, 2026Updated last month
aahmad097 / AlternativeShellcodeExec
View on GitHub
Alternative Shellcode Execution Via Callbacks
☆1,699Nov 11, 2022Updated 3 years ago
CCob / BeaconEye
View on GitHub
Hunts out CobaltStrike beacons and logs operator command output
☆951Sep 4, 2024Updated last year
SolomonSklash / SleepyCrypt
View on GitHub
A shellcode function to encrypt a running process image when sleeping.
☆339Sep 11, 2021Updated 4 years ago
optiv / ScareCrow
View on GitHub
ScareCrow - Payload creation framework designed around EDR bypass.
☆2,878Aug 18, 2023Updated 2 years ago
WKL-Sec / HiddenDesktop
View on GitHub
HVNC for Cobalt Strike
☆1,304Dec 7, 2023Updated 2 years ago
0xsp-SRD / mortar
View on GitHub
evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
☆1,501Dec 21, 2023Updated 2 years ago
hasherezade / pe_to_shellcode
View on GitHub
Converts PE into a shellcode
☆2,752Aug 30, 2025Updated 6 months ago
Octoberfest7 / Inline-Execute-PE
View on GitHub
Execute unmanaged Windows executables in CobaltStrike Beacons
☆714Mar 4, 2023Updated 3 years ago
icyguider / Shhhloader
View on GitHub
Syscall Shellcode Loader (Work in Progress)
☆1,259May 8, 2024Updated last year
outflanknl / Dumpert
View on GitHub
LSASS memory dumper using direct system calls and API unhooking.
☆1,579Jan 5, 2021Updated 5 years ago
Accenture / Spartacus
View on GitHub
Spartacus DLL/COM Hijacking Toolkit
☆1,083Feb 1, 2024Updated 2 years ago