EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
☆57Nov 17, 2025Updated 3 months ago
Alternatives and similar repositories for Bypass-Protection0x00
Users that are interested in Bypass-Protection0x00 are comparing it to the libraries listed below
Sorting:
- PandaCrypter is a C#-based tool designed to convert PowerShell scripts into obfuscated batch files (.bat) with encryption and additional …☆46Aug 16, 2025Updated 6 months ago
- Two C# RunPE's capable of x86 and x64 injections☆11Dec 2, 2018Updated 7 years ago
- Evasive shellcode loader with indirect syscalls, Thread name-calling allocation, PoolParty injection☆10Feb 26, 2025Updated last year
- ☆15Mar 17, 2025Updated 11 months ago
- A 64 bit executable junk code engine for polymorphic malware.☆76Jun 16, 2025Updated 8 months ago
- Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll☆25Jul 9, 2025Updated 7 months ago
- Hidden Features Full Hidden Access Hidden Desktop Hidden Browsers Hidden Cmd Clone Profile Hidden PowerShell Hidden Explorer Hidde…☆19Sep 30, 2022Updated 3 years ago
- The Windows driver and device management program for NDAS devices such as the NetDISK.☆16Jun 17, 2016Updated 9 years ago
- Kill malawarebytes process. Can be ported to any programming language.☆12Apr 21, 2025Updated 10 months ago
- Windows process injection methods☆18Jul 18, 2021Updated 4 years ago
- Offensive security toolkit to obfuscate Python code, stage payloads, and evade defenses☆23Feb 13, 2026Updated 2 weeks ago
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique☆20Dec 3, 2024Updated last year
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆26Apr 21, 2025Updated 10 months ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆45Sep 25, 2024Updated last year
- LSTAR - CobaltStrike Translated to EN☆22Jun 15, 2023Updated 2 years ago
- A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.☆29Jun 9, 2025Updated 8 months ago
- One gate to all syscalls!☆23Mar 12, 2022Updated 3 years ago
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆52May 8, 2024Updated last year
- ☆25Apr 30, 2012Updated 13 years ago
- By manipulating LSASS memory flags like UseLogonCredential and IsCredGuardEnabled, this repo demonstrates how Credential Guard can be byp…☆14May 25, 2025Updated 9 months ago
- A Simple PoC☆22May 24, 2024Updated last year
- Detect BypassUAC using AMSI☆29Feb 18, 2025Updated last year
- T-1 is a shellcode loader that leverages ML techniques to detect VM environments☆34Oct 30, 2024Updated last year
- A pure C version of SymProcAddress☆30Mar 17, 2024Updated last year
- Create Anti-Copy DRM Malware☆72Aug 19, 2024Updated last year
- This project is move advanced version of https://github.com/WKL-Sec/HiddenDesktop☆50Jan 11, 2026Updated last month
- Rex Shellcode Loader for AV/EDR evasion☆35Apr 7, 2024Updated last year
- Research project showcasing various malware evasion techniques used to bypass AVs and EDRs, continuously updated with new methods.☆38Jan 8, 2025Updated last year
- Evasive loader to bypass static detection☆60Jan 15, 2024Updated 2 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆298Jul 31, 2024Updated last year
- A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.☆84Sep 27, 2025Updated 5 months ago
- This Python app allows users to inject malicious payloads into PDF files through a GUI. It supports three injection methods: URL, file, a…☆28Mar 26, 2023Updated 2 years ago
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆200May 29, 2025Updated 9 months ago
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆71Dec 26, 2025Updated 2 months ago
- Simulate per-process disconnection in red team environments☆113Jun 6, 2025Updated 8 months ago
- List the ETW provider(s) in the registration table of a process.☆80Sep 20, 2023Updated 2 years ago
- External Hack for Aura Kingdom TO☆14Feb 17, 2023Updated 3 years ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆79Aug 5, 2024Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Aug 13, 2024Updated last year