Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.
A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for educational purposes only.
Cross-platform (Linux / Windows) shellcode packer for CTFs and pentest / red team exams aiming for AV evasion!
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
ShadeLoader is a shellcode loader designed to bypass most antivirus software. Shellcode, antivirus, bypass
The provided Python program, Inject-EXE.py, allows you to combine a malicious executable with a legitimate executable, producing a single output executable. This output executable will contain both the malicious and legitimate executables.
How to bypass Windows Defender by forcing UAC
Bypass Windows Defender with a persistent staged reverse shell using C code & metasploit framework
Red Teaming Tactics and Techniques
Generate obfuscated PowerShell commands using XOR logic with random keys!
Hybrid Encryption Dropper with HWID system.
A simple, obfuscated in-memory injection script written in PowerShell that bypasses Windows Defender
Windows RAT w/ antivirus bypass.
Antimalware Scan Interface (AMSI) DLL bypass
WinRM reverse shell using PowerShell.
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (notify routine callbacks, object callbacks and the ETW Threat Intelligence provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.