nand0san / av_detect
This program detects whether any security software (AV, EDR, XDR, firewall, etc.) is running on the system. It enumerates the running processes and compares their image names against a predefined list of known security-software process names.
☆48, updated 9 months ago
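The check described above, as an added example that is not the av_detect code: enumerate running processes with only the standard library and match their image names against a table of known security-software processes. The `KNOWN_SECURITY_PROCESSES` table is a constructed, illustrative subset and not the project's own list; the function and variable names are this example's, not the project's.

```python
"""Added example (not the av_detect code): enumerate running processes and
match their image names against a list of known security-software processes.

KNOWN_SECURITY_PROCESSES is a constructed, illustrative subset, not the
project's list. Matching is case-insensitive on the image name only, which is
why this kind of check is fooled by a renamed binary and blind to agents that
run purely as kernel drivers without a user-mode process.
"""
import csv
import os
import subprocess
import sys

# Illustrative subset (assumption, not the project's list): lower-case image
# name -> product, so a hit can be reported by vendor rather than file name.
KNOWN_SECURITY_PROCESSES = {
    "msmpeng.exe": "Microsoft Defender Antivirus",
    "mssense.exe": "Microsoft Defender for Endpoint",
    "csfalconservice.exe": "CrowdStrike Falcon",
    "falcon-sensor": "CrowdStrike Falcon (Linux daemon)",
    "sentinelagent.exe": "SentinelOne",
    "cb.exe": "VMware Carbon Black",
    "cylancesvc.exe": "BlackBerry Cylance",
    "cyserver.exe": "Palo Alto Cortex XDR",
    "xagt.exe": "Trellix (FireEye) Endpoint Security",
    "savservice.exe": "Sophos",
    "ekrn.exe": "ESET",
    "avp.exe": "Kaspersky",
    "mcshield.exe": "McAfee",
}


def normalise_image_name(name):
    """Strip any directory component and lower-case, so that
    'C:\\Program Files\\...\\MsMpEng.exe' and 'msmpeng.EXE' compare equal."""
    return name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()


def match_security_processes(running, known=KNOWN_SECURITY_PROCESSES):
    """Return sorted (image_name, product) pairs for every running image in `known`.

    `running` is any iterable of image names or paths as reported by the OS.
    Several instances of one agent collapse to a single hit.
    """
    hits = {}
    for name in running:
        base = normalise_image_name(name)
        if base in known:
            hits[base] = known[base]
    return sorted(hits.items())


def parse_tasklist_line(line):
    """Image name from one line of `tasklist /fo csv /nh` output.

    Fields are quoted and the memory column itself contains a comma
    ("200,112 K"), so split with the csv module rather than on ','.
    """
    return next(csv.reader([line]))[0]


def list_running_processes():
    """Image names of running processes using only the standard library.

    Windows: parse `tasklist /fo csv /nh`.
    Linux: read /proc/<pid>/comm (kernel-truncated to 15 characters, so a
    longer name would need /proc/<pid>/exe instead).
    """
    if sys.platform.startswith("win"):
        out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                             capture_output=True, text=True, check=True).stdout
        return [parse_tasklist_line(l) for l in out.splitlines() if l.strip()]
    names = []
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            with open(f"/proc/{pid}/comm") as fh:
                names.append(fh.read().strip())
        except OSError:
            continue  # process exited or is not readable; skip it
    return names


if __name__ == "__main__":
    for image, product in match_security_processes(list_running_processes()):
        print(f"{product:<40} {image}")
```

Run it as `python av_check.py` (name assumed); with no output, nothing in the table was seen. Keep the two limits in mind when reading the result: a match is on the file name alone, so a renamed agent binary produces a miss and an unrelated binary with a colliding name produces a false positive, and an agent that lives only in a kernel driver or service never appears in the process list at all, so "no hit" is not "no EDR".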
Alternatives and similar repositories for av_detect:
Users interested in av_detect are comparing it to the repositories listed below.
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… (☆69, updated last year)
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly (☆60, updated last year)
- Template-based generation of shellcode loaders (☆77, updated 11 months ago)
- BadExclusionsNWBO is an evolution of BadExclusions to identify custom or undocumented folder exclusions on AV/EDR (☆75, updated last year)
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… (☆51, updated 2 years ago)
- Do some DLL SideLoading magic (☆80, updated last year)
- Shellcode loader (☆78, updated 4 months ago)
- Code snippets to add on top of the Cobalt Strike sleep mask to achieve patchless hooks on AMSI and ETW (☆84, updated 2 years ago)
- EmbedExeLnk by x86matthew, modified by d4rkiZ (☆39, updated last year)
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". (☆78, updated last year)
- TypeLib persistence technique (☆109, updated 5 months ago)
- A PoC of stack encryption prior to custom sleeping by leveraging CPU cycles. (☆62, updated last year)
- Abusing the Process Hacker driver to terminate other processes (BYOVD) (☆82, updated last year)
- RDLL for Cobalt Strike beacon to silence the sysmon process (☆87, updated 2 years ago)
- Simple POC library to execute arbitrary calls by proxying them via NdrServerCall2 or similar (☆129, updated 7 months ago)
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) to evade MDE. (☆61, updated last year)
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. (☆72, updated last month)
- This program is used to perform reflective DLL injection into a remote process specified by the user. (☆65, updated last year)
- I have documented all of the AMSI patches that I have learned so far (☆71, updated last week)
- Patch AMSI and ETW in a remote process via direct syscall (☆81, updated 2 years ago)
- Converts sRDI-compatible DLLs to shellcode (☆23, updated 2 months ago)
- Stack spoofing (☆81, updated 4 months ago)