Detection Avoidance

vxCrypt0r/Voidgate: A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
github.com
Binary obfuscation - String obfuscating in C
The first step in reversing any binary for any purpose is to try and elicit any meaningful information that is most easy to retrieve. One such information is clear text strings in the binary. They may disclose a lot of information if the programmer did not take care to remove …
yurisk.info
myzxcg/RealBlindingEDR
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine callbacks, PsSetCreateThreadNotifyRoutine callbacks, PsSetLoadImageNotifyRoutine callbacks...
github.com
pard0p/Cordyceps
C++ self-injecting dropper based on various EDR evasion techniques.
github.com
Mr-Un1k0d3r/DKMC
DKMC - Don't kill my cat - Malicious payload evasion tool
github.com
Malware EDR Evasion Techniques
Yo, how's it going, everyone. Sorry it's been a while since my last post. Fear not, I'm geared up and ready to dive into a full discussion on malware evasive maneuvers... specifically, .js files for the first drops on a machine. Oh and yes, you're reading that correctly. I said .js, because believe it or not it is still actively used and HIGHLY effective at bypassing your most common EDR solutions today. Why is that? Well, it's likely due to a few reasons:
g3tsyst3m.github.io