512-bit block encryption algorithm, specially for x64
Updated Oct 4, 2016 - C
A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process, spawning a PowerShell on the attacker machine.
Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFunction033 NtApi and no new thread via Fiber
A powerful penetration testing tool for network reconnaissance and infiltration.
Take a screenshot without injection for Cobalt Strike
Proof-of-Concept to evade auditd by tampering via ptrace
Proof-of-Concept to evade auditd by writing /proc/PID/mem
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
Bypass Event Tracing for Windows (ETW) and unhook ntdll.
IPv6 address rate limiting evasion tool (that also supports IPv4)
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
A repository dedicated to researching, documenting, developing, and ultimately, defending against various strains of malicious software.
Generic PE loader for fast prototyping evasion techniques