There are 3 repositories under the bypass-edr topic.
These are different types of download cradles which should serve as inspiration to play with and create new download cradles to bypass AV/EPP/EDR in the context of download cradle detections.
Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged.
Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hooks.
Frida-based script which automates the process of discovering and exploiting DLL hijacks in target binaries. The discovered binaries can later be weaponized during Red Team operations to evade AV/EDRs.
PowerShell script to terminate protected processes such as anti-malware and EDRs.
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.
Load shellcode via HELLGATE; a rewrite of HELLGATE in the .NET Framework for learning purposes.