nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆48 · Updated 8 months ago
Alternatives and similar repositories for av_detect:
Users interested in av_detect are comparing it to the repositories listed below.
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆125 · Updated 6 months ago
- Threadless shellcode injection tool ☆63 · Updated 6 months ago
- ☆36 · Updated 2 years ago
- Template-based generation of shellcode loaders ☆73 · Updated 10 months ago
- ☆75 · Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆68 · Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆59 · Updated 11 months ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… ☆51 · Updated last year
- ☆97 · Updated last year
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆68 · Updated 9 months ago
- ☆122 · Updated 5 months ago
- Patch AMSI and ETW in remote process via direct syscall ☆81 · Updated 2 years ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆73 · Updated 6 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆39 · Updated last year
- stack spoofing ☆80 · Updated 3 months ago
- TypeLib persistence technique ☆107 · Updated 3 months ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆51 · Updated 2 years ago
- ☆115 · Updated last year
- Implant drop-in for EDR testing ☆134 · Updated last year
- Execute dotnet app from unmanaged process ☆70 · Updated last month
- Shellcode loader ☆76 · Updated 2 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆39 · Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR ☆73 · Updated last year
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now. ☆45 · Updated 9 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust. ☆54 · Updated last month
- ☆93 · Updated 5 months ago
- I have documented all of the AMSI patches that I learned till now ☆74 · Updated last year
- A nice process dumping tool ☆78 · Updated 2 years ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s… ☆58 · Updated last year
- abusing Process Hacker driver to terminate other processes (BYOVD) ☆81 · Updated last year