nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆48, updated 9 months ago
Alternatives and similar repositories for av_detect:
Users that are interested in av_detect are comparing it to the libraries listed below
- Template-based generation of shellcode loaders (☆77, updated 11 months ago)
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… (☆68, updated last year)
- Do some DLL SideLoading magic (☆80, updated last year)
- Patch AMSI and ETW in remote process via direct syscall (☆81, updated 2 years ago)
- Code snippets to add on top of Cobalt Strike sleep mask to achieve patchless hook on AMSI and ETW (☆83, updated 2 years ago)
- A short C code POC to gain persistence and evade Sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… (☆51, updated last year)
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar (☆129, updated 7 months ago)
- TypeLib persistence technique (☆109, updated 5 months ago)
- RDLL for Cobalt Strike beacon to silence Sysmon process (☆87, updated 2 years ago)
- Abusing Process Hacker driver to terminate other processes (BYOVD) (☆82, updated last year)
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust. (☆62, updated 2 months ago)
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". (☆78, updated last year)
- I have documented all of the AMSI patches that I learned till now (☆71, updated this week)
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg (☆46, updated last year)
- Converts sRDI compatible DLLs to shellcode (☆23, updated 2 months ago)
- Shellcode loader (☆78, updated 4 months ago)
- Indirect Syscall implementation to bypass userland NTAPIs hooking. (☆73, updated 7 months ago)
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… (☆51, updated 2 years ago)
- Red Team Operation's Defense Evasion Technique. (☆52, updated 9 months ago)
- A Mythic agent for Windows written in C (☆104, updated this week)
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR (☆75, updated last year)
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. (☆72, updated last month)
- Threadless shellcode injection tool (☆62, updated 7 months ago)
- Section-based payload obfuscation technique for x64 (☆59, updated 7 months ago)