edr-bypass

Template-Driven AV/EDR Evasion Framework

Awesome EDR Bypass Resources For Ethical Hacking

Multilayered AV/EDR Evasion Framework

A Highly capable Pe Packer

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

Automated DLL Sideloading Tool With EDR Evasion Capabilities

Materials for the workshop "Red Team Ops: Havoc 101"

indirect syscalls for AV/EDR evasion in Go assembly

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.

This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.

The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

Use hardware breakpoints to spoof the call stack for both syscalls and API calls

A C2 framework for initial access in Go

kernel callback removal (Bypassing EDR Detections)

PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.

Evade EDR's the simple way, by not touching any of the API's they hook.

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

Small PoC of using a Microsoft signed executable as a lolbin.

Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks