nand0san / av_detect
This program detects whether any security software (AV, EDR, XDR, firewall, etc.) is running on the system. It enumerates the running processes and compares their names against a predefined list of known security-software process names.
☆42 · Updated 5 months ago
Related projects
Alternatives and complementary repositories for av_detect
- Code snippets to add on top of Cobalt Strike sleep mask to achieve patchless hook on AMSI and ETW ☆78 · Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆67 · Updated 9 months ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆113 · Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆55 · Updated 3 months ago
- Abusing Process Hacker driver to terminate other processes (BYOVD) ☆79 · Updated last year
- TypeLib persistence technique ☆75 · Updated last month
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader ☆84 · Updated 8 months ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … ☆164 · Updated last year
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆117 · Updated 3 months ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆49 · Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆85 · Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now ☆68 · Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆58 · Updated 8 months ago
- Do some DLL SideLoading magic ☆75 · Updated last year
- Basic implementation of Cobalt Strike's User Defined Reflective Loader feature ☆95 · Updated last year
- Stack spoofing ☆55 · Updated this week
- Patch AMSI and ETW in remote process via direct syscall ☆77 · Updated 2 years ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR ☆72 · Updated 9 months ago
- Modified versions of the Cobalt Strike Process Injection Kit ☆88 · Updated 10 months ago
- A nice process dumping tool ☆73 · Updated 2 years ago
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now. ☆44 · Updated 6 months ago
- Identify and exploit leaked handles for local privilege escalation. ☆105 · Updated last year