"topic:edr-bypass" — Search

This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.

C++25751Updated 2 weeks ago

antivirus-evasionbypass-antivirusedr-bypassmsfvenomshellcode-injectionshellcode-loader

VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls

The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

C23025Updated 23 hours ago

av-bypassav-evasiondirect-syscallsedr-bypassedr-evasionindirect-syscallsshellcode-loaderwindows-int

V-

V-i-x-x/kernel-callback-removal

kernel callback removal (Bypassing EDR Detections)

C++21042Updated 1 week ago

edredr-bypassedr-evasionkernel

j3h4ck/WatchDogKiller

PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.

C++20829Updated 5 days ago

av-bypassav-evasionbyovdedredr-bypassedr-evasion

fortra/hw-call-stack

Use hardware breakpoints to spoof the call stack for both syscalls and API calls

C20330Updated 1 week ago

edr-bypassstack-spoofingsyscalls

dobin/antnium

A C2 framework for initial access in Go

Go19939Updated 4 weeks ago

c2edr-bypassinitial-accessratremote-access

oldkingcone/BYOSI

Evade EDR's the simple way, by not touching any of the API's they hook.

PHP16918Updated 3 weeks ago

edr-bypassedr-evasionphppowershellredteam

VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

C14826Updated 1 week ago

av-bypassav-evasiondirect-syscallsedr-bypassedr-evasion

mrexodia/lolbin-poc

Small PoC of using a Microsoft signed executable as a lolbin.

C++14116Updated 4 weeks ago

edr-bypassmalwarepocredteamredteam-toolsredteamingwindbgwindbg-extension

voidvxvi/HellBunny

Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks

C13926Updated 1 week ago

api-hashingdirect-syscallsdlldll-sideloadingedr-bypassedr-evasioniat-camouflageindirect-syscallsmaldevmalware-developmentmsvcnative-apintapipayload-encryptionprocess-injectionshellcode-injectionshellcode-loaderwindows

x42en/sysplant

Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP

Nim12612Updated 4 days ago

aicedr-bypassframeworkhackinghookingmcp-servernimoffensive-toolspythonrustsyscallswindows

njcve/inflate.py

Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.

Python12415Updated 5 days ago

antivirusantivirus-evasionav-bypassav-evasionbugbountyedr-bypassendpoint-securityevasion-attack

0xsh3llf1r3/ColdWer

Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass

C11720Updated 5 days ago

av-bypassbeacon-object-filebofcobalt-strikecredential-dumpingedr-bypassedr-evasionedr-freezelsass-dumpoffensive-securityppl-bypassred-teamwindows-security

CroodSolutions/AutoPwnKey

AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. It is our hope that this tool will be useful to red teams over the short term, while over the long term help AV/EDR vendors improve how they handle AHK scripts.

AutoHotkey11012Updated 4 days ago

ahkahk-scriptattack-simulationav-bypassav-evasionedr-bypassedr-evasionevasion-techniquesexploit-codeexploit-developmentexploitation-frameworkpurple-teampurpleteam

NanoWraith/BlindEdr

A Blind EDR Project for Educational Purposes

C10021Updated 1 week ago

driveredr-bypassedr-evasionmalware

CroodSolutions/BeaconatorC2

BeaconatorC2 is a framework for red teaming and adversarial emulation, providing a full-featured management interface, along with a catalog of beacons and a clear schema to add more beacons over time.

Python9215Updated 3 weeks ago

adversarial-attacksc2command-and-controlcredential-dumpingdll-unhookingedr-bypassedr-evasionmetasploit-installpentest-toolpurple-teamingred-team-tools

0xflux/Rust-Hells-Gate

Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust

Rust8611Updated 2 weeks ago

antivirus-bypassantivirus-evasionbypass-antivirusbypass-edredr-bypassedr-evasionhells-gatehellsgatemalwaremalware-researchoffensive-securitypentestpentest-toolpentestingredteamredteam-toolsredteamingrustrust-lang

chainski/PandaLoader

A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.

C++8516Updated 1 week ago

bypass-antiviruscrypteredr-bypassetw-bypassetw-evasionevasionmalwareobfuscationpayload-generatorpe-loaderpersistencepowershellredteamshellcodeshellcode-encodershellcode-loaderxor-encryption

Adkali/PowerJoker

PowerJoker is a Python program which generate a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.

Python6913Updated 5 days ago

edr-bypassevadeexecuteexecutiongithubjokerlinuxmethodsobfuscate-stringsobfuscationoffensive-securitypowerpowershellpowershell-reverse-shellpython-reverse-shellpython3reverse-shellwindows-10windows-11windows-reverse-shell

zero2504/Fairy-Law

Fairy Law - Compromise or disable EDR security solutions

C++6811Updated 3 weeks ago

edr-bypassedr-evasioninternalsmalware-researchpowershellwindows-11

Page 1 of 3