nand0san / av_detect
av_detect checks whether any security software (AV, EDR, XDR, firewall, etc.) is running on the system. It enumerates the running processes and compares their names against a predefined list of process names belonging to known security products. Because the match is made on the process name alone, a product whose binaries are not in the list, or whose agent runs under a renamed executable, is not reported.
☆48, updated 9 months ago
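As an added example, not code from av_detect (whose source is not on this page), the following Python sketch implements the name-matching approach the description summarises. The product table is an illustrative subset assembled for this example, the `running_process_names` helper and the `SAMPLE_PROCESSES` snapshot are assumptions made here, and the snapshot is constructed rather than captured from a real host.

```python
# Added example (not the av_detect project's own code): detect security
# products by matching running process names against a known list.
import platform
import subprocess

# Illustrative mapping of well-known security-product process names to the
# product they belong to. An assumed subset for this example, not
# av_detect's own list.
KNOWN_SECURITY_PROCESSES = {
    "msmpeng.exe": "Microsoft Defender Antivirus",
    "mssense.exe": "Microsoft Defender for Endpoint",
    "csfalconservice.exe": "CrowdStrike Falcon",
    "sentinelagent.exe": "SentinelOne",
    "cb.exe": "Carbon Black",
    "xagt.exe": "Trellix (FireEye) HX",
    "cylancesvc.exe": "Cylance",
    "ekrn.exe": "ESET",
    "avp.exe": "Kaspersky",
    "bdagent.exe": "Bitdefender",
    "savservice.exe": "Sophos",
    "mcshield.exe": "McAfee",
    "ccsvchst.exe": "Symantec Endpoint Protection",
    "sysmon.exe": "Sysmon",
    "sysmon64.exe": "Sysmon",
    "elastic-endpoint.exe": "Elastic Endpoint",
}


def detect_security_software(process_names):
    """Return sorted (process, product) pairs for every name in the input
    that is in the known list. Matching is case-insensitive and ignores any
    directory prefix, because enumerators differ in whether they return a
    bare image name or a full path."""
    found = {}
    for name in process_names:
        base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
        product = KNOWN_SECURITY_PROCESSES.get(base)
        if product:
            found[base] = product
    return sorted(found.items())


def running_process_names():
    """Enumerate live process names with the platform's stock tool (an
    assumed helper): `tasklist` in CSV form on Windows, where the image
    name is the first column, and `ps` elsewhere."""
    if platform.system() == "Windows":
        out = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                             capture_output=True, text=True, check=True).stdout
        return [line.split('","', 1)[0].strip('"')
                for line in out.splitlines() if line.strip()]
    out = subprocess.run(["ps", "-eo", "comm="],
                         capture_output=True, text=True, check=True).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]


# Constructed sample snapshot (not taken from a real host) so the matching
# logic can be exercised without touching the live process list.
SAMPLE_PROCESSES = [
    "System", "smss.exe", "csrss.exe", "explorer.exe",
    r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18\MsMpEng.exe",
    "MsSense.exe", "Sysmon64.exe", "notepad.exe",
]

if __name__ == "__main__":
    for proc, product in detect_security_software(SAMPLE_PROCESSES):
        print(f"{product:<35} ({proc})")
    # To query the host you are on instead of the constructed snapshot:
    # for proc, product in detect_security_software(running_process_names()):
    #     print(f"{product:<35} ({proc})")
```

Two limits of this approach are worth keeping in mind when reading its output: the match is purely on name, so a product whose binaries are missing from the table or run under a renamed executable produces no hit, and several EDR components live in kernel drivers or minifilters that have no user-mode process at all, so a driver or service enumeration is needed to complement a process-name check.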
Alternatives and similar repositories for av_detect:
- Template-based generation of shellcode loaders (☆77, updated 11 months ago)
- A short C code POC to gain persistence and evade Sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… (☆51, updated last year)
- Do some DLL SideLoading magic (☆80, updated last year)
- This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode with process hol… (☆68, updated last year)
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… (☆51, updated 2 years ago)
- TypeLib persistence technique (☆109, updated 5 months ago)
- Code snippets to add on top of the Cobalt Strike sleep mask to achieve patchless hooks on AMSI and ETW (☆84, updated 2 years ago)
- Patch AMSI and ETW in a remote process via direct syscall (☆81, updated 2 years ago)
- BadExclusionsNWBO is an evolution of BadExclusions to identify custom or undocumented folder exclusions on AV/EDR (☆75, updated last year)
- Threadless shellcode injection tool (☆62, updated 7 months ago)
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM" (☆78, updated last year)
- Cobalt Strike reflective loader with synthetic stack frame (☆102, updated 2 months ago)
- API Hammering with C++20 (☆45, updated 2 years ago)
- A Mythic agent for Windows written in C (☆104, updated this week)
- A combination of multiple evasion techniques to evade defenses (Dirty Vanity) (☆47, updated 10 months ago)
- Indirect syscall implementation to bypass userland NTAPI hooking (☆73, updated 7 months ago)
- Shellcode loader (☆78, updated 4 months ago)
- A 64-bit, position-independent code reverse TCP shell for Windows, built in Rust (☆62, updated 3 months ago)
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1 (☆72, updated last month)
- Simple POC library to execute arbitrary calls by proxying them via NdrServerCall2 or similar (☆129, updated 7 months ago)
- Basic implementation of Cobalt Strike's User Defined Reflective Loader feature (☆101, updated 2 years ago)
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t… (☆93, updated 3 months ago)
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE (☆61, updated last year)