EDR/AV Simulation for Malware Development
☆13 · Oct 21, 2023 · Updated 2 years ago
Alternatives and similar repositories for MaldevEDR
Users that are interested in MaldevEDR are comparing it to the libraries listed below
- NTAPI hook bypass with (semi) legit stack trace · ☆19 · May 9, 2023 · Updated 2 years ago
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures" · ☆31 · Jan 14, 2023 · Updated 3 years ago
- Just a git repo for the sleepmask detection rule I found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-… · ☆16 · Jun 4, 2025 · Updated 9 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… · ☆16 · Jan 7, 2023 · Updated 3 years ago
- ☆11 · Nov 12, 2023 · Updated 2 years ago
- A bunch of malware for all platforms, some may not work; this code is for some study cases or for knowledge. For information about malware yo… · ☆14 · Jan 29, 2021 · Updated 5 years ago
- Ant is a post-exploitation tool designed to automate the deployment of tunnels and port forwarding based on a predefined topology configu… · ☆17 · Jan 31, 2024 · Updated 2 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll · ☆46 · Jul 16, 2023 · Updated 2 years ago
- direct systemcalls with a modern c++20 interface. · ☆45 · Jan 6, 2023 · Updated 3 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR · ☆21 · Feb 8, 2024 · Updated 2 years ago
- PlanqX EDR is an open-source, advanced Endpoint Detection and Response (EDR) solution for Windows, offering real-time system and network … · ☆24 · Jun 5, 2025 · Updated 9 months ago
- An AV-evasion framework written in Golang that bypasses AV/EDR through system calls and similar techniques · ☆23 · Jul 11, 2024 · Updated last year
- C++ tool and library for converting .bin files to shellcode in multiple output formats. · ☆33 · Aug 18, 2025 · Updated 6 months ago
- PAGE_GUARD based hooking library · ☆52 · Jul 25, 2022 · Updated 3 years ago
- A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run M… · ☆21 · Jul 14, 2024 · Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … · ☆103 · Mar 27, 2025 · Updated 11 months ago
- Extension functionality for the NightHawk operator client · ☆26 · Nov 3, 2023 · Updated 2 years ago
- A SOCKS5-configured syscall hook that allows transparent TCP proxying on Windows for IPv4 and IPv6. · ☆26 · Jul 9, 2021 · Updated 4 years ago
- Rex Shellcode Loader for AV/EDR evasion · ☆35 · Apr 7, 2024 · Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly · ☆63 · Mar 19, 2024 · Updated last year
- Collection of Rust repos useful for Red Teamers. · ☆34 · Sep 23, 2022 · Updated 3 years ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. · ☆72 · Mar 6, 2024 · Updated last year
- ☆33 · Mar 19, 2025 · Updated 11 months ago
- Right-To-Left Override POC · ☆36 · Mar 21, 2022 · Updated 3 years ago
- Kernel mode to user mode dll injection. · ☆14 · Nov 10, 2024 · Updated last year
- Shellcode loader · ☆101 · Nov 24, 2024 · Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. · ☆41 · Jul 9, 2023 · Updated 2 years ago
- Remote Template Injection Toolkit · ☆48 · Apr 7, 2024 · Updated last year
- ☆86 · Aug 8, 2024 · Updated last year
- A driver created to bypass the anti-cheat and r/w memory through it · ☆15 · Aug 3, 2024 · Updated last year
- ncatbot plugin: downloads jm comics, converts them to PDF and sends them to a QQ chat · ☆31 · Dec 16, 2025 · Updated 2 months ago
- QR code scanning and generation · ☆11 · Sep 6, 2013 · Updated 12 years ago
- A framework for backdooring Microsoft Nuget packages. · ☆10 · Jan 9, 2024 · Updated 2 years ago
- A WebUI management interface for FRPC that fits within 5MB of memory and disk, dropping the bloated Java and MySQL · ☆12 · Feb 10, 2023 · Updated 3 years ago
- Techniques that I have used to evade anti-virus during pen tests. · ☆13 · May 29, 2018 · Updated 7 years ago
- Elevate arbitrary MSR writes to kernel execution. · ☆45 · Sep 3, 2023 · Updated 2 years ago
- Identify binaries with Authenticode digital signatures signed to an internal CA/domain · ☆40 · Feb 6, 2024 · Updated 2 years ago
- Proof-of-concept modular implant platform leveraging v8 · ☆54 · Mar 4, 2025 · Updated last year
- ☆42 · Feb 18, 2025 · Updated last year