nand0san / av_detectLinks
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆48Updated last year
Alternatives and similar repositories for av_detect
Users that are interested in av_detect are comparing it to the libraries listed below
Sorting:
- ☆86Updated last year
- ☆36Updated 2 years ago
- Shellcode loader☆89Updated 7 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆64Updated 2 years ago
- Implementation of Indirect Syscall technique to pop a calc.exe☆102Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆53Updated 2 months ago
- I have documented all of the AMSI patches that I learned till now☆73Updated 3 months ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆76Updated last year
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe…☆58Updated 2 years ago
- Rex Shellcode Loader for AV/EDR evasion☆33Updated last year
- TypeLib persistence technique☆118Updated 8 months ago
- Template-based generation of shellcode loaders☆78Updated last year
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆130Updated 11 months ago
- ☆38Updated 2 years ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆84Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆70Updated last year
- converts sRDI compatible dlls to shellcode☆29Updated 5 months ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆42Updated 2 years ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆63Updated last year
- A nice process dumping tool☆82Updated 2 years ago
- Threadless shellcode injection tool☆66Updated 11 months ago
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …☆85Updated 2 years ago
- ☆100Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆100Updated 2 years ago
- find dll base addresses without PEB WALK☆120Updated 2 months ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆86Updated 2 years ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆47Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆121Updated 2 years ago
- ☆124Updated last year
- abusing Process Hacker driver to terminate other processes (BYOVD)☆83Updated 2 years ago