nand0san / av_detect
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
☆ 49 · Updated last year
Alternatives and similar repositories for av_detect
Users that are interested in av_detect are comparing it to the libraries listed below
- (☆ 87, updated 2 years ago)
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR (☆ 76, updated last year)
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar (☆ 131, updated last year)
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". (☆ 86, updated 2 years ago)
- TypeLib persistence technique (☆ 131, updated 10 months ago)
- Rex Shellcode Loader for AV/EDR evasion (☆ 34, updated last year)
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials (☆ 56, updated 4 months ago)
- (☆ 99, updated last year)
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike (☆ 156, updated last month)
- I have documented all of the AMSI patches that I learned till now (☆ 73, updated 5 months ago)
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects (☆ 115, updated 5 months ago)
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. (☆ 64, updated 2 years ago)
- Bypassing AMSI using LdrLoadDll (☆ 46, updated 8 months ago)
- Implementation of Indirect Syscall technique to pop a calc.exe (☆ 106, updated last year)
- Cobalt Strike Reflective Loader with Synthetic Stackframe (☆ 131, updated 7 months ago)
- lsassdump via RtlCreateProcessReflection and NanoDump (☆ 83, updated 10 months ago)
- Threadless shellcode injection tool (☆ 67, updated last year)
- (☆ 100, updated last year)
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… (☆ 58, updated 3 years ago)
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… (☆ 69, updated last year)
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH (☆ 62, updated 2 weeks ago)
- Shellcode loader (☆ 94, updated 9 months ago)
- Less sugar (entropy) for your binaries (☆ 34, updated last week)
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion (☆ 93, updated 2 months ago)
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly (☆ 61, updated last year)
- Indirect Syscall implementation to bypass userland NTAPIs hooking. (☆ 84, updated last year)
- EmbedExeLnk by x86matthew modified by d4rkiZ (☆ 41, updated 2 years ago)
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques (☆ 69, updated 3 weeks ago)
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust. (☆ 79, updated 4 months ago)
- BOF to decrypt Signal Desktop chat logs (☆ 71, updated 6 months ago)