vvswift / Bypass-Protection0x00
EDR & AV Bypass Arsenal: a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
☆47, updated last month
Alternatives and similar repositories for Bypass-Protection0x00
Users that are interested in Bypass-Protection0x00 are comparing it to the libraries listed below
- Classic Process Injection with Memory Evasion Techniques implementation (☆72, updated 2 years ago)
- Shellcode loader (☆97, updated last year)
- Dumping App Bound Protected Credentials & Cookies Without Privileges. (☆167, updated 6 months ago)
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials (☆61, updated 7 months ago)
- Improved version of EKKO by @5pider that Encrypts only Image Sections (☆123, updated 2 years ago)
- Indirect Syscall implementation to bypass userland NTAPIs hooking. (☆83, updated last year)
- Encode shellcode into dictionary words for evasion and entropy reduction (☆33, updated 2 weeks ago)
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption. (☆100, updated last year)
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques (☆199, updated 4 months ago)
- Generic PE loader for fast prototyping evasion techniques (☆242, updated last year)
- Dynamic shellcode loader with sophisticated evasion capabilities (☆274, updated 2 months ago)
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python (☆45, updated last year)
- Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll (☆21, updated 5 months ago)
- Just another repository for malware development (☆12, updated last year)
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT. (☆115, updated 2 weeks ago)
- TypeLib persistence technique (☆138, updated last year)
- Injecting DLL into LSASS at boot (☆155, updated 7 months ago)
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. (☆103, updated 10 months ago)
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf… (☆61, updated 7 months ago)
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne… (☆27, updated 7 months ago)
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques (☆87, updated 4 months ago)
- Direct syscalls Injection to bypass AV/EDR (☆12, updated last year)
- A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder. (☆82, updated 3 months ago)
- A unique introduction to native runtime obfuscation. (☆74, updated 9 months ago)
- BOF with Synthetic Stackframe (☆204, updated last month)
- Various methods of executing shellcode (☆73, updated 2 years ago)
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to… (☆44, updated 6 months ago)
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an… (☆183, updated 2 years ago)
- ApexLdr is a DLL Payload Loader written in C (☆115, updated last year)
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu… (☆44, updated last year)