Evasion technique to defeat and divert detection and prevention by security products (AV/EDR/XDR).
Loading BOF & ShellCode without executable permission memory.
Red Team C2 Framework with AV/EDR bypass capabilities.
These are different types of download cradles, meant as inspiration to experiment with and create new download cradles that bypass AV/EPP/EDR in the context of download cradle detections.
Magical obfuscator, supports obfuscating EXE, BOF, and ShellCode.
Generate DLL Hijacking Payload in batches.
Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged.
Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hooks.
Frida-based script which automates the process of discovering and exploiting DLL hijacks in target binaries. The discovered binaries can later be weaponized during Red Team Operations to evade AV/EDR'...
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Efficient RAT signature locator for bypassing AV/EDR, supporting static scanning and memory scanning.
PowerShell script to terminate protected processes such as anti-malware and EDRs.
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.
Load shellcode via HELLGATE; a rewrite of HellGate on the .NET Framework for learning purposes.
An easy-to-use and powerful Macro for Stack Spoofing.
ARP Scanner, a lightweight host-alive detection tool for OPSEC.
Bring Your Own Scripting Interpreter - Custom Shell (PHP)
Just an obfuscation technique in a resource file, in 2 possible formats.