Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Multilayered AV/EDR Evasion Framework
PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.
proper ntdll .text section unhooking via native api. unlike other unhookers this doesnt leave 2 ntdlls loaded. x86/x64/wow64 supported.
This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly
Old 32 bit PE executable protector / crypter
Shellcode execution via x86 inline assembly based on MSVC syntax
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth.
AV-Bypass using Encryption and Dynamic API Call in CPP
Add a description, image, and links to the av-bypass topic page so that developers can more easily learn about it.
To associate your repository with the av-bypass topic, visit your repo's landing page and select "manage topics."