nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆44, updated 7 months ago
Alternatives and similar repositories for av_detect:
Users that are interested in av_detect are comparing it to the libraries listed below
- Code snippets to add on top of Cobalt Strike sleep mask to achieve patchless hook on AMSI and ETW ☆82, updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify custom or undocumented folder exclusions on AV/EDR ☆73, updated 11 months ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆50, updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆70, updated 11 months ago
- Threadless shellcode injection tool ☆62, updated 5 months ago
- Do some DLL SideLoading magic ☆76, updated last year
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆68, updated 8 months ago
- I have documented all of the AMSI patches that I learned till now ☆68, updated last year
- TypeLib persistence technique ☆88, updated 2 months ago
- Shellcode loader ☆72, updated last month
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆60, updated 10 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆45, updated 10 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆73, updated 5 months ago
- stack spoofing ☆74, updated 2 months ago
- Modified versions of the Cobalt Strike Process Injection Kit ☆90, updated 11 months ago
- Classic Process Injection with Memory Evasion Techniques implementation ☆66, updated last year
- BOF with Synthetic Stackframe ☆58, updated this week
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. ☆60, updated last year
- A basic C2 framework written in C ☆58, updated 6 months ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … ☆172, updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆88, updated 10 months ago