Tampering System Calls Using Hardware Breakpoints For Evasion In D. (Updated Jul 27, 2024; language: D)
Repository to publish your evasion techniques and contribute to the project
Evade EDRs the simple way, by not touching any of the APIs they hook.
Implementation Of SysWhispers Direct / Indirect System Call Technique In D.
Custom binary file packer/encoder with integrated decoder stub. A pentest-tool for modern EDR evasion.
Stack Spoofing PoC
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and the ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
Fetching Fresh System Call Stubs From NTDLL (Read From Disk) In D.
Red Teaming Tactics and Techniques
Utilizing Hardware Breakpoints For Hooking In D.
Code snippet to create a process using the "PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON" flag
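As an added example (not the snippet from the repository listed above), this is how that flag is applied in C: the mitigation is passed to CreateProcessW through a PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute on a STARTUPINFOEX structure, which makes the loader refuse any DLL in the child that is not Microsoft-signed, including most EDR userland hook DLLs. The helper names (build_block_non_ms_policy, policy_blocks_non_ms, spawn_with_block_non_ms) and the notepad.exe target are assumptions of this example; the policy bit values are the ones winbase.h defines (bits 44-45 of the first policy QWORD). The Windows API calls are compiled only under _WIN32 so the policy helpers can be checked on any platform.

```c
/* Added example: spawn a child with
 * PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON.
 * Helper names and the notepad.exe target are assumptions of this example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Bits 44-45 of the first mitigation-policy QWORD select the
 * "block non-Microsoft binaries" policy (values as in winbase.h). */
#define BLOCK_NON_MS_MASK        ((uint64_t)0x3 << 44)
#define BLOCK_NON_MS_ALWAYS_ON   ((uint64_t)0x1 << 44)
#define BLOCK_NON_MS_ALLOW_STORE ((uint64_t)0x2 << 44)

/* Clear the 2-bit field in an existing policy value, then set ALWAYS_ON,
 * leaving every other mitigation bit (DEP, ASLR, CFG, ...) untouched. */
uint64_t build_block_non_ms_policy(uint64_t existing)
{
    return (existing & ~BLOCK_NON_MS_MASK) | BLOCK_NON_MS_ALWAYS_ON;
}

/* Returns 1 when the policy would block non-Microsoft-signed images. */
int policy_blocks_non_ms(uint64_t policy)
{
    return (policy & BLOCK_NON_MS_MASK) == BLOCK_NON_MS_ALWAYS_ON;
}

#ifdef _WIN32
/* Create `cmdline` with the mitigation attached through an extended
 * startup-info attribute list. Returns 1 on success, 0 on failure. */
int spawn_with_block_non_ms(wchar_t *cmdline)
{
    SIZE_T size = 0;
    STARTUPINFOEXW si;
    PROCESS_INFORMATION pi;
    DWORD64 policy = build_block_non_ms_policy(0);
    int ok = 0;

    memset(&si, 0, sizeof(si));
    memset(&pi, 0, sizeof(pi));
    si.StartupInfo.cb = sizeof(si);

    /* First call only reports the buffer size needed for one attribute. */
    InitializeProcThreadAttributeList(NULL, 1, 0, &size);
    si.lpAttributeList =
        (LPPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeap(), 0, size);
    if (!si.lpAttributeList)
        return 0;
    if (!InitializeProcThreadAttributeList(si.lpAttributeList, 1, 0, &size)) {
        HeapFree(GetProcessHeap(), 0, si.lpAttributeList);
        return 0;
    }

    if (UpdateProcThreadAttribute(si.lpAttributeList, 0,
                                  PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY,
                                  &policy, sizeof(policy), NULL, NULL)) {
        ok = CreateProcessW(NULL, cmdline, NULL, NULL, FALSE,
                            EXTENDED_STARTUPINFO_PRESENT, NULL, NULL,
                            &si.StartupInfo, &pi) ? 1 : 0;
        if (ok) {
            printf("started pid %lu\n", (unsigned long)pi.dwProcessId);
            CloseHandle(pi.hThread);
            CloseHandle(pi.hProcess);
        } else {
            printf("CreateProcessW failed: %lu\n", (unsigned long)GetLastError());
        }
    }

    DeleteProcThreadAttributeList(si.lpAttributeList);
    HeapFree(GetProcessHeap(), 0, si.lpAttributeList);
    return ok;
}
#endif

int main(void)
{
#ifdef _WIN32
    wchar_t cmd[] = L"notepad.exe";  /* CreateProcessW may modify this buffer */
    return spawn_with_block_non_ms(cmd) ? 0 : 1;
#else
    uint64_t p = build_block_non_ms_policy(0);
    printf("policy = 0x%016llx, blocks non-MS images: %d\n",
           (unsigned long long)p, policy_blocks_non_ms(p));
    return 0;
#endif
}
```

The caveat a practitioner should keep in mind: this only affects userland image loading inside the new child. The parent that calls CreateProcessW is still fully hooked, the process-creation itself is visible to kernel notify-routine callbacks and ETW, and the same attribute can be turned around defensively to harden a sensitive process against DLL injection.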
Unhook Ntdll.dll, Go & C++.
An Indirect System Call Based Shellcode Loader Written Fully In D.
Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do not take any responsibility for its use or any actions taken.
Event Tracing for Windows EDR bypass in Rust
Overwrite ntdll.dll's ".text" section to bypass API hooking, getting the clean DLL from disk, the KnownDlls section, or a debugged process.
APC Queue Injection EDR Evasion in Rust
A (WIP) EDR evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.