av-evasion

There are 19 repositories under av-evasion topic.

• bytecode77 / r77-rootkit

  Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

  av-evasionfilelessrootkit
  Language:C 1504
• inceptor

  klezVirus / inceptor

  Template-Driven AV/EDR Evasion Framework

  obfuscationpinvokedinvokecode-injectionprocess-injectionav-bypassamsi-bypassav-evasionedr-bypasspe-packeramsi-evasionred-teamred-teamingav-edr-bypasspayload-generator
  Language:Assembly 1502

• TryCatchHCF / Cloakify

  CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

  cipherdata-exfiltrationhackingpentestingexfiltrationsteganographycryptographydlpav-evasionprivacysecuritysecurity-toolsinfosecred-teampentestpentest-toolhacking-toolhacking-toolspentest-toolsstego
  Language:Python 1500

• swagkarna / Defeat-Defender-V1.2.0

  Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC

  bypassdefenderantivirusfudmalwarepayloadmalware-dropperbypass-antivirusundetectableav-evasiondropperhackinghack-toolbypass-defenderhackwindowsdisable-windows-defenderbatchproof-of-concept
  Language:Batchfile 1371

• Ch0pin / AVIator

  Antivirus evasion project

  antivirusbypassbackdoorwindowstrojanshellcodeinjectionbackdoorsvirus-totalav-evasionav-bbackdooringcrypterantivirus-testingvirus
  Language:C# 1004

• hlldz / SpookFlare

  Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

  antivirus-evasionantivirus-testingav-bypassav-evasionbypassdropperendpoint-bypassloaderobfuscation
  Language:Python 943

• lengjibo / FourEye

  AV Evasion Tool For Red Team Ops

  redteamav-evasionantivirus-evasionshellcodebypassav
  Language:C 743

• klezVirus / SilentMoonwalk

  PoC Implementation of a fully dynamic call stack spoofer

  av-evasionedr-evasionstack-spoofingthread-stack
  Language:C++ 603

• bytecode77 / pe-union

  Crypter, binder & downloader with native & .NET stub, evasive by design, user friendly UI

  binderobfuscationcrypterdownloaderav-evasion
  Language:C# 594

• GetRektBoy724 / SharpUnhooker

  C# Based Universal API Unhooker

  windows-apiwindowscsharppentestingred-teamdllav-evasion
  Language:C# 383
• hades

  f1zm0 / hades

  Go shellcode loader that combines multiple evasion techniques

  av-evasionedr-evasiongolangpentestingred-teamingntapintdllsyscallsevasionadversary-emulationoffensive-security
  Language:Go 327

• WesleyWong420 / RedTeamOps-Havoc-101

  Materials for the workshop "Red Team Ops: Havoc 101"

  active-directoryav-evasionedr-bypasshavocopsecprocess-injectionred-team-ops
  Language:C# 296

• pard0p / CallstackSpoofingPOC

  C++ self-Injecting dropper based on various EDR evasion techniques.

  av-evasiondropperedr-evasionindirect-syscall
  Language:C 291

• D3Ext / maldev

  Golang library for malware development

  av-evasioncryptographydevelopmentencryptiongogolanginfoseckali-linuxmaldevmalwarepentestingred-teamshellcode
  Language:Go 290

• f1zm0 / acheron

  indirect syscalls for AV/EDR evasion in Go assembly

  evasionadversary-emulationav-evasionedr-bypassedr-evasionmalware-researchoffensive-securityred-teamred-teamingassemblygogolang
  Language:Assembly 286

• GetRektBoy724 / MeterPwrShell

  Automated Tool That Generates The Perfect Meterpreter Powershell Payload

  meterpreterone-linerbypass-uacamsibypass-firewallfudwindowspayloadmetasploitstagerav-evasionmalwarebypass-amsibypassmetasploit-frameworkbypass-antivirus
  218

• GetRektBoy724 / BetterXencrypt

  A better version of Xencrypt.Xencrypt it self is a Powershell runtime crypter designed to evade AVs.

  amsifudbypass-antiviruswindowsavscrypterpowershellav-evasionpayload
  Language:PowerShell 207

• yutianqaq / AVEvasionCraftOnline

  An online AV evasion platform written in Springboot (Golang, Nim, C) supports embedded, local and remote loading of Shellocde methods.

  antivirus-evasionav-bypassav-evasionbypassbypass-antivirusgolangonlineredteamredteam-toolsredteaming
  Language:Go 200
• AntiCrack-DotNet

  AdvDebug / AntiCrack-DotNet

  C# Project contains a plenty of Advanced Anti-Debugging, Anti-Virtualization, Anti Dll-Injection and Anti-Hooking Techniques.

  dll-injectionsandboxieevasionmalwareanti-debugvirtualizationcrackingprotectionanti-debuggingantidebugreverse-engineeringanti-debuggeranti-detectionav-evasiondebuggerdebuggingvm-evasionanti-crackingcsharpanti-sandbox
  Language:C# 191

• Cipher7 / ChaiLdr

  AV bypass while you sip your Chai!

  av-bypassav-evasionloadermalwaremalware-developmentred-teaming
  Language:C 153

• VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls

  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

  av-bypassav-evasiondirect-syscallsedr-bypassedr-evasionindirect-syscallsshellcode-loaderwindows-int
  Language:C 123

• VirtualAlllocEx / Direct-Syscalls-A-journey-from-high-to-low

  Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

  av-bypassav-evasiondirect-syscallsedr-bypassedr-evasion
  Language:C 119

• njcve / inflate.py

  Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.

  antivirusantivirus-evasionav-bypassav-evasionbugbountyedr-bypassendpoint-securityevasion-attack
  Language:Python 115

• yutianqaq / BypassAV-Online

  An online AV evasion platform written in Springboot (Golang, Nim, C) supports inline, local and remote loading of Shellocde methods.

  bypassavcgonimspringbootantivirus-evasionav-evasionredteam
  Language:Java 114

• loadenmb / tvasion

  :performing_arts: Anti virus evasion based on file signature change via AES encryption with Powershell and C# AV evasion templates which support executable and Powershell payloads with Windows executable, Powershell or batch output. Developed with Powershell on Linux for Windows targets :)

  av-evasionantivirus-evasioncrypteraes-encryptioncsharppowershellsignature-change
  Language:PowerShell 74

• n1nj4sec / pymemimporter

  import pyd or execute PE all from memory using only pure python code and some shellcode tricks

  pythonpe32in-memorymimikatzshellcodepydav-evasion
  Language:Python 70
• MineRootkit

  AdvDebug / MineRootkit

  PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.

  avav-evasioncppcsharpevasionmalwaremalware-analysismalware-protectionmalware-researchrootkitrootkit-windowsuser-modeuser-mode-rootkitusermodewindows
  Language:C# 63

• GetRektBoy724 / TripleS

  Extracting Syscall Stub, Modernized

  windowscsharppentestingsyscallav-evasionred-teaming
  Language:C# 61

• tid4l / TallGrass

  An AV exclusion enumeration tool written in Python.

  av-evasioncybersecurityenumerationpythonred-teamwindows-defenderwindows-registry
  Language:Python 59

• padovah4ck / RedSharp

  Penetration Test / Read Team - C# tools repository

  av-evasionbypass-antivirusc-sharpmeterpreterpenetration-testreverse-shellshellcode-injectorwindows
  Language:C# 56

• Sn1r / Nim-Reverse-Shell

  A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for educational purposes only.

  antivirus-bypassantivirus-evasionav-bypassav-evasionnimnim-langreverse-shell
  Language:Nim 53
• Darkbyte

  JoelGMSec / Darkbyte

  Repository of tools used in my blog

  hackingtoolsred-teamav-evasiontunnelingwi-firdpkeyloggerrat
  Language:C 49

• VirtualAlllocEx / DSC_SVC_REMOTE

  This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

  av-bypassav-evasiondirect-syscallsedr-bypassedr-evasion
  Language:C 47

• Chainski / AES-Encoder

  PowerShell Obfuscator. A PowerShell script anti-virus evasion tool

  av-evasionamsi-bypasscobalt-strikecrypterctf-toolshackingpowershell-obfuscatorpowershell-toolssecuritysecurity-toolsaes-encoderencrypt-powershell-scriptpowershell-bypass-amsicryptographyencryptionfudpenetration-testingred-teampowershellxencrypt
  Language:PowerShell 46

• hackerOrionX / ORIONX-FUD-CRYPTER

  The only FREE and 100% FUD crypter that will still FUD, work on Windows. Powerfull obfuscator to bypass Anti-Viruses detection.

  fudfud-crypterobfuscatoranti-virusanti-virusesav-bypassav-evasioncryptercrypter-defendercrypter-fudeasy-to-usefreehackinghacking-toolopen-sourcewindowswindows-10
  Language:Tcl 39

• Enelg52 / Gofrette

  Gofrette is a reverse shell payload developed in Golang that bypasses Windows defender and many others anti-virus.

  golangreverse-shellav-evasion
  Language:Go 36