nand0san / av_detect
This program detects whether any security software (AV, EDR, XDR, firewall, etc.) is running on the system. It enumerates the running processes and compares their names against a predefined list of known security software process names.
☆42, updated 3 months ago
Related projects:
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader (☆75, updated 6 months ago)
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… (☆67, updated 7 months ago)
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW (☆76, updated last year)
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar (☆106, updated last month)
- Do some DLL SideLoading magic (☆72, updated last year)
- Indirect Syscall implementation to bypass userland NTAPIs hooking. (☆52, updated last month)
- Improved version of EKKO by @5pider that Encrypts only Image Sections (☆110, updated last year)
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) (☆43, updated 4 months ago)
- Patch AMSI and ETW in remote process via direct syscall (☆78, updated 2 years ago)
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". (☆74, updated last year)
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg (☆46, updated 6 months ago)
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR (☆69, updated 7 months ago)
- Template-based generation of shellcode loaders (☆63, updated 5 months ago)
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … (☆151, updated last year)
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution (☆31, updated 2 months ago)
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique (☆147, updated 10 months ago)
- RDLL for Cobalt Strike beacon to silence sysmon process (☆85, updated 2 years ago)
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. (☆32, updated 8 months ago)
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… (☆47, updated 2 years ago)
- ApexLdr is a DLL Payload Loader written in C (☆98, updated 2 months ago)