EDR Lab for Experimentation Purposes
PoC Implementation of a fully dynamic call stack spoofer
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
.NET/PowerShell/VBA Offensive Security Obfuscator
C++ self-Injecting dropper based on various EDR evasion techniques.
Go shellcode loader that combines multiple evasion techniques
Threadless Process Injection through entry point hijacking
indirect syscalls for AV/EDR evasion in Go assembly
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.
Generic PE loader for fast prototyping evasion techniques
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
kernel callback removal (Bypassing EDR Detections)
Evade EDR's the simple way, by not touching any of the API's they hook.
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those dedica...
Your syscall factory
PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.