av-bypass

There are 9 repositories under av-bypass topic.

• LordNoteworthy / al-khaser

  Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

  anti-analysisanti-debugginganti-sandboxanti-vmanti-emulationcode-injectionmalwaretiming-attacksav-bypasssandbox-evasionanti-disassembly
  Language:C++ 5557
• inceptor

  klezVirus / inceptor

  Template-Driven AV/EDR Evasion Framework

  obfuscationpinvokedinvokecode-injectionprocess-injectionav-bypassamsi-bypassav-evasionedr-bypasspe-packeramsi-evasionred-teamred-teamingav-edr-bypasspayload-generator
  Language:Assembly 1502

• hlldz / SpookFlare

  Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

  av-bypassloaderdropperav-evasionendpoint-bypassantivirus-evasionantivirus-testingobfuscationbypass
  Language:Python 943

• alphaSeclab / anti-av

  Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 1300+ posts

  anti-virusanti-avav-bypass
  413
• OSRipper

  SubGlitch1 / OSRipper

  AV evading OSX Backdoor and Crypter Framework

  backdoorpythonfudantivirus-evasionantivirus-testingratbackdoorpythonmalwaremalware-developmentav-bypasscryptercrypter-fudsilent-minerminerkeylogger
  Language:Python 254

• yutianqaq / AVEvasionCraftOnline

  An online AV evasion platform written in Springboot (Golang, Nim, C) supports embedded, local and remote loading of Shellocde methods.

  bypassbypass-antivirusonlineredteamredteam-toolsantivirus-evasionav-bypassav-evasiongolangredteaming
  Language:Go 201

• VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls

  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

  av-bypassav-evasiondirect-syscallsedr-bypassedr-evasionindirect-syscallsshellcode-loaderwindows-int
  Language:C 123

• VirtualAlllocEx / Direct-Syscalls-A-journey-from-high-to-low

  Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

  av-bypassav-evasiondirect-syscallsedr-bypassedr-evasion
  Language:C 119

• njcve / inflate.py

  Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.

  antivirusantivirus-evasionav-bypassav-evasionbugbountyedr-bypassendpoint-securityevasion-attack
  Language:Python 115

• Sn1r / Nim-Reverse-Shell

  A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for educational purposes only.

  antivirus-bypassantivirus-evasionav-bypassav-evasionnimnim-langreverse-shell
  Language:Nim 54

• VirtualAlllocEx / DSC_SVC_REMOTE

  This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

  av-bypassav-evasiondirect-syscallsedr-bypassedr-evasion
  Language:C 47

• hackerOrionX / ORIONX-FUD-CRYPTER

  The only FREE and 100% FUD crypter that will still FUD, work on Windows. Powerfull obfuscator to bypass Anti-Viruses detection.

  fudfud-crypterobfuscatoranti-virusanti-virusesav-bypassav-evasioncryptercrypter-defendercrypter-fudeasy-to-usefreehackinghacking-toolopen-sourcewindowswindows-10
  Language:Tcl 39

• 1captainnemo1 / DLLREVERSESHELL

  A CUSTOM CODED FUD DLL, CODED IN C , WHEN LOADED , VIA A DECOY WEB-DELIVERY MODULE( FIRING A DECOY PROGRAM), WILL GIVE A REVERSE SHELL (POWERSHELL) FROM THE VICTIM MACHINE TO THE ATTACKER CONSOLE , OVER LAN AND WAN.

  reverse-shellfudevadeav-evasionav-bypasscustom-reverseshellc-reverseshellbackdoor-attacksbackdoors-createdmalware-sampleantivirus-evasionantiviral-resistancetrojan-malwaretrojan-rattrojan
  Language:C 34

• 1captainnemo1 / PersistentCReverseShell

  A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.

  reverseshellpersistencefudevasionav-bypassav-evasionbypass-antiviruscomplete-fudpersistent-on-boot
  Language:C 33

• Enelg52 / Backpack

  Golang packer that use process hollowing

  av-bypassav-evasiongolangpacker
  Language:Go 16

• VirtualAlllocEx / Create_Thread_Inline_Assembly_x86

  This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly

  av-bypassav-evasionedr-bypassedr-evasioninline-assembly
  Language:C++ 15

• Souhardya / IMProtector

  Old 32 bit PE executable protector / crypter

  anti-debugav-bypassav-evasioncryptermalwaremalware-researchwindows
  Language:C++ 12

• VirtualAlllocEx / Shell-we-Assembly

  Shellcode execution via x86 inline assembly based on MSVC syntax

  av-bypassav-evasionedr-bypassedr-evasioninline-assemblywindows-internals
  Language:C++ 11

• x0reaxeax / KillHandles

  Closes handles of a remote process in attempt to crash it

  av-bypassbypass-antivirusclose-handlecrashdosredteamwindows
  Language:C 9

• x0reaxeax / SyscallHookBypass

  NTAPI hook bypass with (semi) legit stack trace

  antihookingav-bypassav-evasionedr-bypasswindowshook-bypassx86indirect-syscalldetection-evasionredteam
  Language:C 9

• VirtualAlllocEx / Create_Thread-Inline_Assembly_x86_Fibers

  This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers

  av-bypassav-evasionedr-bypassedr-evasioninline-assembly
  Language:C++ 6

• Lucas310302 / Coin-Nest

  XMR Miner Malware

  av-bypassav-evasionmalwareminermoneromonero-miningpersistanceprivelage-escalationpythonxmr
  Language:Python 5

• v-lavrentikov / obfuscator

  Binary obfuscation, anti-reversing, anti-debugging and av-bypass framework for Windows

  anti-analysisanti-debugginganti-disassemblyanti-reversinganti-sandboxav-bypassframeworkmalwareobfuscationwindows
  Language:Go 5

• mauricelambert / ReverseShell

  This package implements an advanced reverse shell console (supports: TCP, UDP, IRC, HTTP and DNS).

  dnshttpircpypi-packagepython3reverse-shelltcpudpconsolenetcatterminalav-bypassc2command-and-controlcryptolockermalware
  Language:Python 4

• shaddy43 / XOR_Shellcode_Encryptor

  This repository contains xor shellcode encryptor that is used to bypass static or signature based detection of malicious shellcodes for Process Injection exploits

  shellcodeencryptorav-bypassstatic-analysisxor
  Language:C# 4

• OlivierLaflamme / custom_binary_for_reverseshell

  custom binary reverseshell in C#

  customshellreverse-shellav-bypass
  Language:C# 3

• Queered / FUD-ReverseShell

  IRC likely reverse shell

  antivirus-evasionavav-bypassbotnetc2fudircreverse-shell
  Language:JavaScript 3

• bobby-tablez / Heuristic-Confuser

  Sandbox/Heuristic PowerShell Bypass

  av-bypassav-evasionobfuscationobfuscatorpowershellsandbox-detectionsandbox-evasionhacker-toolhackinghacking-toolmalware
  Language:PowerShell 2

• KOZ1OL / SAVITAR

  Savitar is powerfull tool be carefull !

  av-bypassransomwaresavitarvirus
  2

• sinatamari / CPPowershell

  AV-Bypass using Encryption and Dynamic API Call in CPP

  av-bypasspowershellreverse-shell
  Language:C++ 1

• digilolnet / pint-c2

  eBPF evading C2

  av-bypassav-evasionc2ebpfrat
  Language:Python 0

• KlausMueller1996 / Metasploit_GenericEncoders

  Collection of Generic Metasploit Encoder to avoid AV RegEx Pattern Matching

  av-bypassencodermetasploit
  Language:Ruby 0