Detection Avoidance

Section-based payload obfuscation technique for x64 - pygrum/gimmick

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry...

Guaranteed compile-time string literal obfuscation header-only library for C++14

The first step in reversing any binary for any purpose is to try and elicit any meaningful information that is most easy to retrieve. One such information is clear text strings in the binary. They may disclose a lot of information if the programmer did not take care to remove …

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

C++ self-Injecting dropper based on various EDR evasion techniques.

DKMC - Dont kill my cat - Malicious payload evasion tool

Yo, how’s it going everyone. Sorry it’s been a while since my last post. Fear not, I’m geared up and ready to dive in to a full discussion on Malware evasive maneuvers…specifically, .js files for the first drops on a machine. Oh and yes, you’re reading that correctly. I said .js, because believe it or not it is still actively used and HIGHLY effective at bypassing your most common EDR solutions today. Why is that? Well, it’s likely due to a few reasons:

AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process.

A Payload Loader Designed With Advanced Evasion Features - GitHub - NUL0x4C/TerraLdr: A Payload Loader Designed With Advanced Evasion Features

PE obfuscator with Evasion in mind. Contribute to TheD1rkMtr/PE-Obfuscator development by creating an account on GitHub.

Generate an obfuscated DLL that will disable AMSI & ETW

Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.