edr-bypass topic
Chimera
Automated DLL Sideloading Tool With EDR Evasion Capabilities
lolbin-poc
Small PoC of using a Microsoft signed executable as a lolbin.
SideloadFinder
Frida-based script which automates the process of discovering and exploiting DLL hijacks in target binaries. The discovered binaries can later be weaponized during Red Team operations to evade AV/EDR'...
RedTeamOps-Havoc-101
Materials for the workshop "Red Team Ops: Havoc 101"
MinifilterHook
Silence file-system monitoring components by hooking their minifilters
DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
hw-call-stack
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
PowerJoker
PowerJoker is a dynamic PowerShell reverse-shell generator; unique payloads with different results on each execution.
Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).