nand0san / av_detect
This program detects whether any security software (AV, EDR, XDR, firewall, etc.) is running on the system. It walks the list of running processes and compares their names against a predefined list of known security-software process names.
☆49 · Updated last week
Alternatives and similar repositories for av_detect
Users that are interested in av_detect are comparing it to the libraries listed below
- A nice process dumping tool (☆81, updated 3 years ago)
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar (☆135, updated last year)
- ☆89, updated 2 years ago
- A tool that supports finding and abusing whitelisted programs to allow arbitrary file writing into the executable folder of Antivirus sof… (☆72, updated last month)
- Dumping App Bound Protected Credentials & Cookies Without Privileges. (☆152, updated 6 months ago)
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials (☆60, updated 6 months ago)
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. (☆65, updated 2 years ago)
- ☆100, updated 2 years ago
- TypeLib persistence technique (☆136, updated last year)
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. (☆102, updated 9 months ago)
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". (☆88, updated 2 years ago)
- Rex Shellcode Loader for AV/EDR evasion (☆34, updated last year)
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects (☆129, updated 8 months ago)
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR (☆75, updated last year)
- find dll base addresses without PEB WALK (☆155, updated 4 months ago)
- ☆39, updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… (☆70, updated last year)
- Охотник (Hunter) is a simple Adversary Simulation tool developed to achieve stealth through API unhooking, direct and indirect syscalls… (☆89, updated 7 months ago)
- Beacon Debugger (☆55, updated last year)
- bring your own vulnerable driver (☆113, updated 2 years ago)
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH (☆132, updated 3 months ago)
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t… (☆102, updated 11 months ago)
- ☆37, updated 2 years ago
- ☆121, updated 8 months ago
- Arsenal of modules to beacon postex formats like BOF/Shellcode including: dotnet in memory execution, lateral movement (scm, winrm, dcom,… (☆85, updated last week)
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… (☆31, updated 2 years ago)
- ApexLdr is a DLL Payload Loader written in C (☆113, updated last year)
- NSecSoftBYOVD POC (☆53, updated 2 months ago)
- I have documented all of the AMSI patches that I learned till now (☆76, updated last month)
- Template-based generation of shellcode loaders (☆79, updated last year)