PoC designed to evade userland-hooking anti-virus.
Updated May 15, 2019 - C
A custom-coded FUD DLL, written in C, that, when loaded via a decoy web-delivery module (which fires a decoy program), gives a reverse shell (PowerShell) from the victim machine to the attacker console, over LAN and WAN.
Research on malware creation and protection
AV Evasion Tool For Red Team Ops
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and the ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
Open-Source Shellcode & PE Packer
BadExclusions is a tool to identify custom or undocumented folder exclusions on AV/EDR.