nand0san / av_detect
This program detects whether any security software (AV, EDR, XDR, firewall, etc.) is running on the system. It enumerates the running processes and compares their names against a predefined list of known security-software process names.
☆49, updated last year
Alternatives and similar repositories for av_detect
Users that are interested in av_detect are comparing it to the libraries listed below
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar (☆131, updated last year)
- TypeLib persistence technique (☆135, updated last year)
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials (☆60, updated 5 months ago)
- A nice process dumping tool (☆81, updated 3 years ago)
- Shellcode loader (☆94, updated 11 months ago)
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. (☆64, updated 2 years ago)
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… (☆60, updated 3 years ago)
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… (☆69, updated last year)
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR (☆75, updated last year)
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects (☆121, updated 6 months ago)
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly (☆61, updated last year)
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". (☆87, updated 2 years ago)
- A POC of a new "threadless" process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… (☆29, updated 2 years ago)
- lsassdump via RtlCreateProcessReflection and NanoDump (☆83, updated last year)
- Template-based generation of shellcode loaders (☆79, updated last year)
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW (☆85, updated 2 years ago)
- ApexLdr is a DLL Payload Loader written in C (☆113, updated last year)
- Bypassing Amsi using LdrLoadDll (☆47, updated 9 months ago)
- Improved version of EKKO by @5pider that Encrypts only Image Sections (☆120, updated 2 years ago)
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike (☆164, updated 3 months ago)
- Beacon Debugger (☆55, updated last year)
- I have documented all of the AMSI patches that I learned till now (☆74, updated 7 months ago)
- Indirect Syscall implementation to bypass userland NTAPIs hooking. (☆84, updated last year)
- find dll base addresses without PEB WALK (☆149, updated 3 months ago)