nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆50 · Updated last week
Alternatives and similar repositories for av_detect
Users that are interested in av_detect are comparing it to the libraries listed below
- Dumping App Bound Protected Credentials & Cookies Without Privileges. ☆167 · Updated 7 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆70 · Updated last year
- TypeLib persistence technique ☆138 · Updated last year
- A nice process dumping tool ☆81 · Updated 3 years ago
- ApexLdr is a DLL Payload Loader written in C ☆116 · Updated last year
- Rex Shellcode Loader for AV/EDR evasion ☆35 · Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. ☆66 · Updated 2 years ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR ☆75 · Updated last year
- Implementation of Indirect Syscall technique to pop a calc.exe ☆113 · Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW ☆85 · Updated 2 years ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆136 · Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆85 · Updated 2 years ago
- Create Anti-Copy DRM Malware ☆71 · Updated last year
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike ☆180 · Updated 2 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆83 · Updated last year
- I have documented all of the AMSI patches that I learned till now ☆76 · Updated 2 months ago
- PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin ☆108 · Updated 2 weeks ago
- Explorer Persistence technique: Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll, when … ☆84 · Updated 3 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆124 · Updated 2 years ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass ☆164 · Updated 3 months ago
- A POC of a new "threadless" process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆32 · Updated 2 years ago
- Shellcode loader ☆100 · Updated last year
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆61 · Updated 3 years ago
- Threadless shellcode injection tool ☆67 · Updated last year