nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆48 · Updated 10 months ago
Alternatives and similar repositories for av_detect:
Users that are interested in av_detect are comparing it to the libraries listed below
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features (☆123, updated last week)
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects (☆92, updated 2 weeks ago)
- TypeLib persistence technique (☆114, updated 6 months ago)
- Template-based generation of shellcode loaders (☆77, updated last year)
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly (☆60, updated last year)
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar (☆130, updated 8 months ago)
- Indirect Syscall implementation to bypass userland NTAPI hooking (☆74, updated 8 months ago)
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion (☆76, updated 2 weeks ago)
- Охотник (Hunter) is a simple Adversary Simulation tool developed to achieve stealth through API unhooking, direct and indirect syscalls… (☆38, updated this week)
- Shellcode loader (☆81, updated 5 months ago)
- Execute dotnet app from unmanaged process (☆73, updated 3 months ago)
- Shellcode example (☆46, updated last week)
- BadExclusionsNWBO is an evolution of BadExclusions to identify custom or undocumented folder exclusions on AV/EDR (☆75, updated last year)
- Construct the payload at runtime using an array of offsets (☆63, updated 10 months ago)
- Code snippets to add on top of the Cobalt Strike sleep mask to achieve patchless hooks on AMSI and ETW (☆84, updated 2 years ago)
- RDLL for Cobalt Strike beacon to silence the Sysmon process (☆88, updated 2 years ago)
- Patch AMSI and ETW in a remote process via direct syscall (☆81, updated 2 years ago)
- A Mythic agent for Windows written in C (☆119, updated this week)
- Threadless shellcode injection tool (☆63, updated 8 months ago)
- SharpExShell automates the DCOM lateral movement technique which abuses the ActivateMicrosoftApp method of the Excel application (☆70, updated 11 months ago)
- Cobalt Strike Reflective Loader with Synthetic Stackframe (☆114, updated 2 months ago)
- Two in one: patch lifetime PowerShell console, no more ETW and AMSI! (☆88, updated this week)
- I have documented all of the AMSI patches that I learned till now (☆71, updated 3 weeks ago)