#

av-evasion

Here are 28 public repositories matching this topic...

bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

rootkit av-evasion fileless

Updated May 25, 2026
C

lengjibo / FourEye

AV Evasion Tool For Red Team Ops

shellcode antivirus-evasion av-evasion redteam bypassav

Updated Dec 8, 2021
C

pard0p / CallstackSpoofingPOC

C++ self-Injecting dropper based on various EDR evasion techniques.

dropper av-evasion edr-evasion indirect-syscall

Updated Feb 11, 2024
C

VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls

The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

shellcode-loader av-evasion av-bypass windows-int edr-bypass edr-evasion direct-syscalls indirect-syscalls

Updated Jan 20, 2024
C

Cipher7 / ChaiLdr

AV bypass while you sip your Chai!

malware loader malware-development av-evasion av-bypass red-teaming

Updated May 17, 2024
C

VirtualAlllocEx / Direct-Syscalls-A-journey-from-high-to-low

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

av-evasion av-bypass edr-bypass edr-evasion direct-syscalls

Updated May 6, 2023
C

Cipher7 / ApexLdr

ApexLdr is a DLL Payload Loader written in C

malware loader threadpool shellcode-loader av-evasion av-bypass red-teaming dll-unhooking dll-sideloading indirect-syscall

Updated Jul 17, 2024
C

DoomSyscalls

SilentisVox / DoomSyscalls

Clean Indirect Syscalls with Hook Evasion & Return Address Spoofing.

rop-gadgets av-evasion edr-evasion indirect-syscall

Updated Apr 30, 2026
C

VirtualAlllocEx / DSC_SVC_REMOTE

This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

av-evasion av-bypass edr-bypass edr-evasion direct-syscalls

Updated May 8, 2023
C

Darkbyte

JoelGMSec / Darkbyte

Repository of tools used in my blog

tools hacking rat keylogger rdp wi-fi tunneling red-team av-evasion

Updated Mar 22, 2024
C

DeathShotXD / 0xKern3lCrush

Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Driver) TTPs for Ring 0 process termination and physical memory R/W. Researching EDR-Killer patterns, PPL bypasses, and kernel-mode primitives used by MedusaLocker and other threat actors.

exploit kernel-driver fud av-evasion edr ethicalhacking avbypass edr-bypass edr-evasion byovd vulnerable-driver av-killer edr-killer antivirus-removal foreverday

Updated Feb 4, 2026
C

1captainnemo1 / DLLREVERSESHELL

A CUSTOM CODED FUD DLL, CODED IN C , WHEN LOADED , VIA A DECOY WEB-DELIVERY MODULE( FIRING A DECOY PROGRAM), WILL GIVE A REVERSE SHELL (POWERSHELL) FROM THE VICTIM MACHINE TO THE ATTACKER CONSOLE , OVER LAN AND WAN.

reverse-shell trojan fud antivirus-evasion av-evasion malware-sample evade trojan-rat av-bypass backdoors-created trojan-malware backdoor-attacks antiviral-resistance custom-reverseshell c-reverseshell

Updated Jun 4, 2019
C

1captainnemo1 / PersistentCReverseShell

A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.

persistence evasion reverseshell bypass-antivirus fud av-evasion av-bypass complete-fud persistent-on-boot

Updated May 28, 2019
C

vvswift / blackbox-ave

Linux Rootkit (x86-64 / ARM64) that stealth hides processes, files, and sockets, hooks syscalls, encrypts traffic, and bypasses SELinux / AppArmor.

kernel backdoor persistence injector elf pie apparmor selinux shellcode-loader av-evasion linux-rootkit stealth-hides-processes hooks-syscalls encrypts-traffic

Updated Aug 24, 2025
C

x0reaxeax / SilentWrite

PoC arbitrary WPM without a process handle

windows x86-64 injection shellcode wpm av-evasion redteam shellcode-injector remote-write shellcode-injection shellcode-execute edr-bypass edr-evasion detection-evasion popcalc

Updated Jul 22, 2023
C

Vith0r / Indirect-Syscalls

Indirect Syscalls Loader

shellcode-loader av-evasion indirect-syscall

Updated Oct 27, 2024
C

x0reaxeax / SyscallHookBypass

NTAPI hook bypass with (semi) legit stack trace

windows x86 av-evasion redteam antihooking av-bypass edr-bypass detection-evasion hook-bypass indirect-syscall

Updated May 9, 2023
C

redteam88 / KillDefenderBOF

Beacon Object File PoC implementation of KillDefender

beacon cobalt-strike av-evasion redteaming bof redteam aggressor-script cobaltstrike-cna cobaltstrike defense-evasion aggressorscript evade-av av-evade

Updated Feb 9, 2022
C

QuakeSyscalls

SilentisVox / QuakeSyscalls

Syscall Tampering with Clean Indirect Syscalls.

av-evasion edr-evasion indirect-syscalls syscall-tampering

Updated May 8, 2026
C

aniko33 / pe-packer-x64

A simple template PE Packer (x64)

template encryption packer winapi hacking low-level pe evasion pe-format windows-api pe-loader packer-template malware-development av-evasion pe-packer

Updated Jul 10, 2024
C

Improve this page

Add a description, image, and links to the av-evasion topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the av-evasion topic, visit your repo's landing page and select "manage topics."