nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆49 · Updated last year
Alternatives and similar repositories for av_detect
Users that are interested in av_detect are comparing it to the libraries listed below
- ☆87 · Updated 2 years ago
- A PoC of stack encryption prior to custom sleeping by leveraging CPU cycles. ☆64 · Updated 2 years ago
- Simple POC library to execute arbitrary calls, proxying them via NdrServerCall2 or similar. ☆131 · Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆86 · Updated 2 years ago
- ☆100 · Updated last year
- A nice process dumping tool. ☆82 · Updated 3 years ago
- TypeLib persistence technique. ☆127 · Updated 10 months ago
- I have documented all of the AMSI patches that I have learned so far. ☆73 · Updated 5 months ago
- ☆38 · Updated 2 years ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆58 · Updated 2 years ago
- Rex Shellcode Loader for AV/EDR evasion. ☆34 · Updated last year
- BadExclusionsNWBO is an evolution of BadExclusions to identify custom or undocumented folder exclusions in AV/EDR. ☆76 · Updated last year
- ☆36 · Updated 2 years ago
- Find DLL base addresses without a PEB walk. ☆143 · Updated last month
- ☆124 · Updated 11 months ago
- Attempting to hook LSASS APIs to retrieve plaintext credentials. ☆56 · Updated 3 months ago
- This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode with process hol… ☆69 · Updated last year
- Select any exported function in a DLL as the new DLL's entry point. ☆81 · Updated 10 months ago
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t… ☆99 · Updated 8 months ago
- Exploitation of echo_driver.sys. ☆170 · Updated last year
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆27 · Updated 2 years ago
- Code snippets to add on top of the Cobalt Strike sleep mask to achieve patchless hooks on AMSI and ETW. ☆84 · Updated 2 years ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust. ☆78 · Updated 4 months ago
- Template-based generation of shellcode loaders. ☆79 · Updated last year
- Implementation of the indirect syscall technique to pop a calc.exe. ☆106 · Updated last year
- This is a loader that supports running a program with Protected Process Light (PPL) protection. ☆117 · Updated this week
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms. ☆130 · Updated 2 years ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … ☆165 · Updated last week
- A basic C2 framework written in C. ☆60 · Updated last year
- ☆122 · Updated 2 years ago