Repository to publish your evasion techniques and contribute to the project
Updated Sep 30, 2023 - C++
Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes. Coded in your beloved Golang!
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and the ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
Carbon Crypter / Packer
Mostly malicious or abusable PowerShell I've written
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
Custom binary file packer/encoder with integrated decoder stub. A pentest-tool for modern EDR evasion.
Kraken Crypter v5 (Native/Turbo)
Red Teaming Tactics and Techniques
Evade EDRs the simple way, by not touching any of the APIs they hook.
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
NTAPI hook bypass with (semi) legit stack trace
Shellcode execution via x86 inline assembly based on MSVC syntax
Indirect Syscall invocation via thread hijacking
An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.
This POC provides the possibility to execute x86 shellcode in the form of a .bin file based on x86 inline assembly
PoC arbitrary WPM without a process handle
Hidedump: an LSASS dump tool that may bypass EDR
Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
PowerJoker is a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.