nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆49Updated 3 weeks ago
Alternatives and similar repositories for av_detect
Users that are interested in av_detect are comparing it to the libraries listed below
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61Updated 7 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆136Updated last year
- Dumping App Bound Protected Credentials & Cookies Without Privileges.☆167Updated 7 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆132Updated 8 months ago
- ☆89Updated 2 years ago
- TypeLib persistence technique☆138Updated last year
- Shellcode loader☆97Updated last year
- Rex Shellcode Loader for AV/EDR evasion☆35Updated last year
- find dll base addresses without PEB WALK☆156Updated 5 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66Updated 2 years ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆157Updated last week
- Template-based generation of shellcode loaders☆79Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Updated last year
- Reflective shellcode loader with advanced call stack spoofing and .NET support.☆222Updated 3 months ago
- ☆100Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆70Updated last year
- A nice process dumping tool☆81Updated 3 years ago
- ☆49Updated last year
- ☆125Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆123Updated 2 years ago
- ApexLdr is a DLL Payload Loader written in C☆115Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆85Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆85Updated 2 years ago
- Implementation of Indirect Syscall technique to pop a calc.exe☆113Updated last year
- Tool to bypass LSA Protection (aka Protected Process Light)☆63Updated 11 months ago
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.☆115Updated 3 weeks ago
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆180Updated 2 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆103Updated 10 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆85Updated 8 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆63Updated 2 years ago