mssec's starred repositories
SysWhispers
AV/EDR evasion via direct system calls.
FreshyCalls
FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!
HookingNirvana
Recon 2015 Presentation from Alex Ionescu
KnownDllUnhook
Replace the .text section of the currently loaded modules from \KnownDlls\ to bypass EDRs
SharpEDRChecker
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services and each service binary's metadata, installed drivers and each driver's metadata, all for the presence of known defensive products such as AVs, EDRs and logging tools.
EXOCET-AV-Evasion
EXOCET - AV-evading, undetectable, payload delivery tool
CTI-Feed-Collector
Open Source Cyber Threat Intelligence Feed Collector