Little user-mode AV/EDR evasion lab for training & learning purposes
Updated
Dec 4, 2024 - C++
Remotely identifies the presence of EDR/XDR solutions on networks
This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those dedicated to improving their skills in malware development, malware research, offensive security, security defenses and measures.
🔭 Warping your own Internet everywhere you go 📡
Repository of scripts from my blog post on bypassing the YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.
XOR-encrypted shellcode injector for memory-based execution in remote processes, with integrated anti-analysis techniques.
Rust DLL Search Order Hijacking
A dynamic HTTP/s Payload Stager that automates updating decryption variables, saving time and effort in managing shellcode loaders.
Your syscall factory
Threadless Process Injection through entry point hijacking
Unhooking NTDLL Without Reading It From Disk.
Evade EDRs the simple way, by not touching any of the APIs they hook.
Nim process hollowing loader
Tampering System Calls Using Hardware Breakpoints For Evasion In D.
Implementation Of SysWhispers Direct / Indirect System Call Technique In D.
Utilizing Hardware Breakpoints For Hooking In D.
(EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
Fetching Fresh System Call Stubs From NTDLL (Read From Disk) In D.
An Indirect System Call Based Shellcode Loader Written Fully In D.