VirtualAlllocEx/Payload-Download-Cradles

These are different types of download cradles, intended as inspiration to experiment with and create new download cradles to bypass AV/EPP/EDR in the context of download cradle detections.

Payload Download Cradles

These are different types of download cradles, intended as inspiration to experiment with and create new download cradles to bypass
AV/EPP/EDR in the context of download cradle detections. Note that removing or obfuscating signatures from your download cradle is
only one piece of the puzzle in bypassing an AV/EPP/EDR. Depending on the respective product, you also have to modify the payload that
the cradle downloads in order to bypass API hooking, callbacks, AMSI, etc.

Creds to Daniel Bohannon for his amazing obfuscation tools, many thanks to Daniel.

https://github.com/danielbohannon/Invoke-Obfuscation

https://github.com/danielbohannon/Invoke-CradleCrafter

https://github.com/danielbohannon/Invoke-DOSfuscation

Languages

PowerShell 46.0%, Batchfile 41.7%, JavaScript 7.7%, HTML 4.6%

Created May 14, 2021
Updated February 6, 2026