Skip to content
Identifies the bytes that Microsoft Defender flags on.
Branch: master
Clone or download
Latest commit 3c07f68 Apr 29, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
DefenderCheck Rebuild of setup Apr 12, 2019
.gitattributes Create .gitattributes Apr 10, 2019
.gitignore Create .gitignore Apr 12, 2019 Adding note about Defender configuration Apr 29, 2019
demo.gif Create demo.gif Apr 10, 2019


Quick tool to help make evasion work a little bit easier.

Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.

Note: Defender must be enabled on your system, but the realtime protection and automatic sample submission features should be disabled.

You can’t perform that action at this time.