vvelitkn / Evasion-Escaper
Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environment or sandbox, and to pass all such checks successfully.
☆99 · Updated last year
Related projects
Alternatives and complementary repositories for Evasion-Escaper
- ETW based POC to identify direct and indirect syscalls ☆173 · Updated last year
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind… ☆160 · Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆110 · Updated 4 months ago
- ☆112 · Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events ☆98 · Updated 2 years ago
- ☆128 · Updated 2 years ago
- ☆82 · Updated 2 years ago
- Detect strange memory regions and DLLs ☆170 · Updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep ☆139 · Updated 3 years ago
- Finding secrets in kernel and user memory ☆113 · Updated last year
- Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches. ☆59 · Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆120 · Updated last year
- Windows LPE exploit for CVE-2022-37969 ☆130 · Updated last year
- ☆73 · Updated last year
- I have documented all of the AMSI patches that I learned till now ☆68 · Updated last year
- A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in c… ☆120 · Updated 2 years ago
- Create Anti-Copy DRM Malware ☆46 · Updated 3 months ago
- EDRSandblast-GodFault ☆240 · Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ☆194 · Updated last year
- A simple commandline application to automatically decrypt strings from Obfuscator protected binaries ☆38 · Updated 5 months ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆199 · Updated 2 years ago
- ☆152 · Updated last year
- ☆106 · Updated last year
- Find DLLs with RWX section ☆75 · Updated last year
- Implementation of Advanced Module Stomping and Heap/Stack Encryption ☆210 · Updated last year
- Hide memory artifacts using ROP and hardware breakpoints. ☆135 · Updated last year
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls… ☆128 · Updated last year
- ☆181 · Updated last year