APCLdr – Payload Loader With Evasion Features

Payload Loader With Evasion Features. Features: no crt functions imported indirect syscalls using HellHall api hashing using CRC32 hashing algorithm payload encryption using rc4 – payload is saved in .rsrc Payload injection using APC calls – alertable thread Payload execution using APC – alertable thread Execution delation using MsgWaitForMultipleObjects – edit this the total sizeRead More

OffensivePipeline – Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises

[*] OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the resulting binary and generate a shellcode. Features CurrentlyRead More

AVIator – Antivirus Evasion Project

AviAtor Ported to NETCore 5 with an updated UI AV|Ator About://name AV: AntiVirus Ator: Is a swordsman, alchemist, scientist, magician, scholar, and engineer, with the ability to sometimes produce objects out of thin air (https://en.wikipedia.org/wiki/Ator) About://purpose AV|Ator is a backdoor generator utility, which uses cryptographic and injection techniques in order to bypass AV detection. MoreRead More

TerraLdr – A Payload Loader Designed With Advanced Evasion Features

TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 – payload is saved in .rsrc process injection – targetting ‘SettingSyncHost.exe’ ppid spoofing & blockdlls policy using NtCreateUserProcess stealthy remote process injection – chunking using debugging &Read More

AceLdr – Cobalt Strike UDRL For Memory Scanner Evasion

A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect.  Features Easy to Use Import a single CNA script before generating shellcode. Dynamic Memory Encryption Creates a new heap for any allocations from Beacon and encrypts entries before sleep. Code Obfuscation and Encryption Changes the memory containingRead More

DeathSleep – A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore It Before Resuming Execution, While Implementing Page Protection Changes During No Execution

A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. Intro Sleep and obfuscation methods are well known in the maldev community, with different implementations, they have the objective of hiding from memory scanners while sleeping, usually changing pageRead More

OffensiveVBA – Code Execution And AV Evasion Methods For Macros In Office Documents

In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates – so this repo can be used for such. It is very far away from being complete.Read More

Nim-Loader – WIP Shellcode Loader In Nim With EDR Evasion Techniques

a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is for research purposes only! Please don’t expect it to compile and run without your own modifications. Instructions Replace the byte array in loader.nim with your ownRead More

Frostbyte – FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Build Better Redteam Payloads

FrostByte Progolue: In the past few days I’ve been experimenting with the AppDomain manager injection technique had a decent success with it in my previous Red Team engagements against certain EDRs. Although, this is really good for initial access vector, I wanted to release a POC which will help hiding your shellcode elsewhere. No moreRead More

SysWhispers3 – AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. Why on earth didn’t I create a PR to SysWhispers2? The reason for SysWhispers3 to be a standalone version are many, but the most important are: SysWhispers3 is the de-facto “fork” used by Inceptor, and implements some utils classRead More