- Mal Dev Academy
- Awesome Malware Development
- FullBypass
- BypassAV
- Anti-Virus-Evading-Payloads
- Pyramid
- 10 Defender Bypass Methods
- AVIator
- Awesome Red Teaming - Defense Evasion
- Veil-Evasion
- Shellter
- UnmanagedPowerShell
- Amsi-Bypass-Powershell
- Msfvenom
- Red-Teaming-Toolkit (RepoToolsRedTeam)
- DInvoke to defeat EDRs
- A Practical Guide to Bypassing Userland API Hooking
- FilelessRemotePE
- uuid-loader
- IORI_Loader
- VEH-PoC
- MITRE ATT&CK - Defense Evasion
- iRed Team - Defense Evasion
- S3cur3Th1sSh1t Blog
- BypassAV
- Evasions: Registry
- Classic code injection into the process
- AV engines evasion for C++ simple malware
- AV engines evasion for C++ simple malware - part 2
- AV engines evasion techniques - part 3. Simple C++ example.
- AV engines evasion techniques - part 4. Simple C++ example.
- AV engines evasion techniques - part 5. Simple C++ example.
- AV/VM engines evasion techniques - part 6. Simple C++ example.
- AV evasion: part 7. Disable Windows Defender. Simple C++ example
- AV evasion - part 8. Encode payload via Z85 algorithm. C++ example
- AV evasion - part 9. Encrypt base64 encoded payload via RC4. C++ example
- AV/VM evasion - part 10: anti-debugging. NtGlobalFlag. Simple C++ example
It is highly recommended to familiarize yourself with the persistence tactics from MITRE ATT&CK before reading the following series.
- Malware development: persistence - part 1. Registry run keys. C++ example
- Malware development: persistence - part 2. Screensaver hijack. C++ example
- Malware development: persistence - part 3. COM DLL hijack. Simple C++ example
- Malware development: persistence - part 4. Windows services. Simple C++ example
- Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example
- Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example
- Malware development: persistence - part 7. Winlogon. Simple C++ example
- Malware development: persistence - part 8. Port monitors. Simple C++ example
- Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example
- Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example
- Malware development: persistence - part 11. Powershell profile. Simple C++ example
- Malware development: persistence - part 12. Accessibility Features. Simple C++ example
- Malware development: persistence - part 13. Hijacking uninstall logic for application. Simple C++ example
- Malware development: persistence - part 14. Event Viewer help link. Simple C++ example
- Malware development: persistence - part 15. Internet Explorer. Simple C++ example
- Malware development: persistence - part 16. Cryptography Registry Keys. Simple C++ example