nand0san / av_detect
This program detects whether any security software (AV, EDR, XDR, firewall, etc.) is running on the system. It enumerates the running processes and compares their names against a predefined list of known security software process names.
☆47 · Updated 10 months ago
Alternatives and similar repositories for av_detect:
Users that are interested in av_detect are comparing it to the libraries listed below
- Template-based generation of shellcode loaders ☆77 · Updated last year
- (no description) ☆82 · Updated last year
- TypeLib persistence technique ☆115 · Updated 6 months ago
- (no description) ☆36 · Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆69 · Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆74 · Updated 8 months ago
- (no description) ☆99 · Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆61 · Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR ☆76 · Updated last year
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s… ☆62 · Updated last year
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆51 · Updated 2 years ago
- Do some DLL SideLoading magic ☆84 · Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆60 · Updated last year
- Threadless shellcode injection tool ☆64 · Updated 9 months ago
- (no description) ☆123 · Updated last year
- (no description) ☆126 · Updated 8 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆117 · Updated 3 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. ☆63 · Updated 2 years ago
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion ☆80 · Updated 3 weeks ago
- (no description) ☆97 · Updated 8 months ago
- A Mythic agent for Windows written in C ☆120 · Updated 2 weeks ago
- ForsHops ☆44 · Updated last month
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆46 · Updated last year
- I have documented all of the AMSI patches that I learned till now ☆72 · Updated last month
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… ☆51 · Updated last year
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆130 · Updated 8 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects ☆95 · Updated last month
- (no description) ☆122 · Updated last year
- Shellcode loader ☆81 · Updated 5 months ago
- Reasonably undetected shellcode stager and executer. ☆37 · Updated 7 months ago