Enumerate and disable common sources of telemetry used by AV/EDR.
Updated
Mar 11, 2021 - C++
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
Packer (actually a crypter) for antivirus evasion, implemented for Windows PE files (BSc thesis).
This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of Beacon's built-in Sleep() call. Most of the structure (e.g. the Sleep hook and shellcode execution) is taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.
Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules.
Using C++23 compile-time magic to produce obfuscated PIC strings and arrays.
A dynamic HTTP/s Payload Stager that automates updating decryption variables, saving time and effort in managing shellcode loaders.
Attack tool for altering packed samples so that they evade static packing detection.
Unhook Ntdll.dll, Go & C++.
InviZzzible is a tool for assessing your virtual environments in an easy and reliable way. It contains the most recent and up-to-date detection and evasion techniques, as well as fixes for them.
Just another process dumping tool for Windows, supporting network delivery and snapshots.
Repository to publish your evasion techniques and contribute to the project.
PoC for http://www.hexacorn.com/blog/2020/03/29/hiding-process-creation-and-cmd-line-with-a-long-com/