Enumerate and disable common sources of telemetry used by AV/EDR.
-
Updated
Mar 11, 2021 - C++
Enumerate and disable common sources of telemetry used by AV/EDR.
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
Packer (actually a crypter) for antivirus evasion implemented for windows PE files (BSc-Thesis)
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.
This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built in Sleep() call. Most of the structure e.g. Sleep hook, shellcode exec etc. are taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.
Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules.
Using c++23 compile-time magic to produce obfuscated PIC strings and arrays.
Unhook Ntdll.dll, Go & C++.
Attack tool for altering packed samples so that they evade static packing detection
A dynamic HTTP/s Payload Stager that automates updating decryption variables, saving time and effort in managing shellcode loaders.
InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.
Repository to publish your evasion techniques and contribute to the project
Just another process dumping tool for Windows, supporting network delivery and snapshots
PoC for http://www.hexacorn.com/blog/2020/03/29/hiding-process-creation-and-cmd-line-with-a-long-com/
Add a description, image, and links to the evasion topic page so that developers can more easily learn about it.
To associate your repository with the evasion topic, visit your repo's landing page and select "manage topics."