#

av-bypass

Here are 12 public repositories matching this topic...

Cipher7 / ChaiLdr

AV bypass while you sip your Chai!

malware loader malware-development av-evasion av-bypass red-teaming

Updated May 17, 2024
C

VirtualAlllocEx / Direct-Syscalls-A-journey-from-high-to-low

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

av-evasion av-bypass edr-bypass edr-evasion direct-syscalls

Updated May 6, 2023
C

Cipher7 / ApexLdr

ApexLdr is a DLL Payload Loader written in C

malware loader threadpool shellcode-loader av-evasion av-bypass red-teaming dll-unhooking dll-sideloading indirect-syscall

Updated Jul 17, 2024
C

VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls

The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

shellcode-loader av-evasion av-bypass windows-int edr-bypass edr-evasion direct-syscalls indirect-syscalls

Updated Jan 20, 2024
C

1captainnemo1 / PersistentCReverseShell

A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.

persistence evasion reverseshell bypass-antivirus fud av-evasion av-bypass complete-fud persistent-on-boot

Updated May 28, 2019
C

0xsh3llf1r3 / ColdWer

Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass

offensive-security cobalt-strike red-team bof av-bypass windows-security credential-dumping edr-bypass edr-evasion beacon-object-file lsass-dump edr-freeze ppl-bypass

Updated Jan 29, 2026
C

VirtualAlllocEx / DSC_SVC_REMOTE

This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

av-evasion av-bypass edr-bypass edr-evasion direct-syscalls

Updated May 8, 2023
C

1captainnemo1 / DLLREVERSESHELL

A CUSTOM CODED FUD DLL, CODED IN C , WHEN LOADED , VIA A DECOY WEB-DELIVERY MODULE( FIRING A DECOY PROGRAM), WILL GIVE A REVERSE SHELL (POWERSHELL) FROM THE VICTIM MACHINE TO THE ATTACKER CONSOLE , OVER LAN AND WAN.

reverse-shell trojan fud antivirus-evasion av-evasion malware-sample evade trojan-rat av-bypass backdoors-created trojan-malware backdoor-attacks antiviral-resistance custom-reverseshell c-reverseshell

Updated Jun 4, 2019
C

x0reaxeax / SyscallHookBypass

NTAPI hook bypass with (semi) legit stack trace

windows x86 av-evasion redteam antihooking av-bypass edr-bypass detection-evasion hook-bypass indirect-syscall

Updated May 9, 2023
C

x0reaxeax / KillHandles

Closes handles of a remote process in attempt to crash it

windows dos crash bypass-antivirus redteam av-bypass close-handle

Updated Apr 26, 2023
C

Malforge-Maldev-Public-Organization / AV-Evasion-with-XOR-Encryption

Technique for AV evasion using XOR encryption to obfuscate payloads.

encryption malware-research evasion xor malware-development red-team av-evasion av-bypass

Updated Apr 28, 2025
C

Ilesnat / Meterepreter_HTB_Execution

Defender bypass for payload execution

visual-studio winapi executable msfvenom metasploit pentest-tool av-bypass mitre-attack

Updated Jun 7, 2025
C

Improve this page

Add a description, image, and links to the av-bypass topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the av-bypass topic, visit your repo's landing page and select "manage topics."