Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
-
Updated
May 8, 2019 - Python
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.
A CUSTOM CODED FUD DLL, CODED IN C , WHEN LOADED , VIA A DECOY WEB-DELIVERY MODULE( FIRING A DECOY PROGRAM), WILL GIVE A REVERSE SHELL (POWERSHELL) FROM THE VICTIM MACHINE TO THE ATTACKER CONSOLE , OVER LAN AND WAN.
Resources About Anti-Virus and Anti-Anti-Virus, including 200+ tools and 1300+ posts
Old 32 bit PE executable protector / crypter
This repository contains xor shellcode encryptor that is used to bypass static or signature based detection of malicious shellcodes for Process Injection exploits
Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
Collection of Generic Metasploit Encoder to avoid AV RegEx Pattern Matching
AV-Bypass using Encryption and Dynamic API Call in CPP
IRC likely reverse shell
Sandbox/Heuristic PowerShell Bypass
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly
Shellcode execution via x86 inline assembly based on MSVC syntax
Closes handles of a remote process in attempt to crash it
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
Add a description, image, and links to the av-bypass topic page so that developers can more easily learn about it.
To associate your repository with the av-bypass topic, visit your repo's landing page and select "manage topics."