stager.dll
Evading Defender
A tool that embeds known payloads to evade detection by Windows Defender
Code from this article: https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/
170 stars
8 watching
52 forks
Language: C++
last commit: over 5 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 b4rtik/hiddenpowershelldll | A PowerShell evasion tool that uses a DLL to bypass security measures and execute a hidden stager | 93 |
 joshfaust/alaris | A low-level shellcode loader that defeats modern EDR systems by utilizing various evasion techniques and encryption. | 891 |
 zha0gongz1/desertfox | A Go-based tool for loading and executing malicious shellcode while evading anti-virus detection | 125 |
 0xsp-srd/mortar | A toolset designed to evade detection by security products and execute malware safely | 1,421 |
 rkervella/carbonmonoxide | A toolkit for evading endpoint detection and response (EDR) by combining techniques to spoof system properties and inject malicious code. | 24 |
 epi052/rustdsplit | Re-implements a method to bypass signature-based AV detection by splitting a file into two halves and modifying one byte in each half to evade detection. | 35 |
 mojtabatajik/robber | Tools to detect DLL hijacking vulnerabilities in executable files | 767 |
 ideaslocas/adll | A tool for detecting DLL hijacking vulnerabilities in binaries. | 70 |
 govolution/avet | An AntiVirus Evasion Tool allowing developers to experiment with and create various evasion techniques for Windows executable files | 1,660 |
 elastic/pplguard | A proof-of-concept tool to mitigate vulnerabilities in Windows security flaws affecting Protected Processes Light processes | 69 |
 mgeeky/shellcodefluctuation | An advanced in-memory evasion technique for hiding malicious code from scanners by fluctuating shellcode's memory protection and encrypting its contents. | 957 |
 jklepsercyber/defender-detectionhistory-parser | A Python-based tool for parsing and analyzing Windows Defender's DetectionHistory forensic artifact. | 110 |
 mobdk/core | A tool that bypasses Windows Defender to execute any binary converted to shellcode using system calls. | 43 |
| mgeeky/threadstackspoofer | An advanced in-memory evasion technique to hide injected shellcode's memory allocation from scanners and analysts. | 1,053 |
| govolution/avetosx | An AntiVirus Evasion Tool for Windows systems using assembly shellcodes and encoding techniques. | 4 |