🥶 Freeze EDR/AV processes with ColdWer, using WerFaultSecure.exe PPL bypass to extract LSASS memory on modern Windows systems.
Updated Apr 13, 2026 - C
🕹️ Enhance your Sandbox gameplay with unlimited resources, auto farm features, and god mode for a seamless gaming experience.
🔒 Obfuscate Python code to enhance security, making reverse engineering harder for better protection in educational and research projects.
Red Team C2 Framework - NT syscall-direct memory injection (bypasses all AV/EDR), dual Cloudflare tunnels (Tor-routed), Rust agent with ConPTY full PTY shell + BITS covert C2, Nim/C#/PowerShell agents, MSF integration via ntdll shellcode injection, local Ollama AI assistant
Extracting clean syscall numbers from a suspended process before injecting shellcode into it using indirect syscalls.
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Decrypting a powershell script and executing it using scriptblock smuggling, bypassing AMSI and some telemetry.
Multilayered AV/EDR Evasion Framework (no longer actively maintained)
AV evasion by patching legitimate (whitelisted) executables
Red team trainee sharing writeups, tools, and lab insights with a passion for exploring Active Directory, offensive security, and penetration testing. This site is a hub for writeups, tools, and insights I develop while sharpening my skills in real-world scenarios.
NGP - Native Gadget Programming
Defender bypass for payload execution
Windows infostealer in Rust with polymorphic builds, Hell's Gate syscalls, and compile-time encryption. Educational use only.
a modular offensive security framework designed for executing Unicode-based attacks, like those seen in the "GlassWorm" compromises
AV-evading cross-platform backdoor and crypter framework with an integrated lightweight web UI
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
A compact Python utility to extract, deobfuscate, and repackage Meterpreter payloads to bypass detection (e.g., Windows Defender).
Proper ntdll .text section unhooking via the native API. Unlike other unhookers, this does not leave two copies of ntdll loaded. x86/x64/WoW64 supported.
next-gen crypto locker - not for illegal purposes
A Python script obfuscation tool for code protection and security