{"payload":{"pageCount":2,"repositories":[{"type":"Public","name":"SelectMyParent","owner":"EvasionEDR","isFork":true,"description":"PPID Spoofing","allTopics":[],"primaryLanguage":{"name":"HTML","color":"#e34c26"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":7,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-04T11:18:03.101Z"}},{"type":"Public","name":"EvasionDetect","owner":"EvasionEDR","isFork":false,"description":"memory evasion and detect mechanisms","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":7,"forksCount":0,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-04T11:13:12.388Z"}},{"type":"Public","name":"DefenderYara","owner":"EvasionEDR","isFork":true,"description":"Extracted Yara rules from Defender mpavbase.vdm and mpasbase","allTopics":[],"primaryLanguage":{"name":"YARA","color":"#220000"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":46,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-02-05T14:16:17.185Z"}},{"type":"Public","name":"noWatch","owner":"EvasionEDR","isFork":true,"description":"Implant drop-in for EDR testing","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":19,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-11-15T10:32:41.850Z"}},{"type":"Public","name":"Capstone-Project","owner":"EvasionEDR","isFork":true,"description":"This project was for my senior capstone at the University of Arizona. I wanted to create a payload that would potentially bypass AV / EDR products using techniques that negate or circumvent detection techniques used by these products.","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":3,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-11-14T22:45:56.146Z"}},{"type":"Public","name":"EchoDrv","owner":"EvasionEDR","isFork":true,"description":"Exploitation of echo_driver.sys","allTopics":[],"primaryLanguage":{"name":"C#","color":"#178600"},"pullRequestCount":0,"issueCount":0,"starsCount":2,"forksCount":27,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-09-16T14:41:10.059Z"}},{"type":"Public","name":"SweetDreams","owner":"EvasionEDR","isFork":true,"description":"Implementation of Advanced Module Stomping and Heap/Stack Encryption","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":31,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-25T13:16:51.409Z"}},{"type":"Public","name":"Learning-EDR-and-EDR_Evasion","owner":"EvasionEDR","isFork":true,"description":"I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning path for me.","allTopics":[],"primaryLanguage":{"name":"HTML","color":"#e34c26"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":28,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-20T09:33:47.994Z"}},{"type":"Public","name":"ContainYourself","owner":"EvasionEDR","isFork":true,"description":"A POC of the ContainYourself research presented in DEF CON 31, which abuses the Windows containers framework to bypass EDRs.","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":37,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-13T07:59:43.975Z"}},{"type":"Public","name":"YaraCatch","owner":"EvasionEDR","isFork":true,"description":"some yara rules for catch your payload which made myself","allTopics":[],"primaryLanguage":{"name":"YARA","color":"#220000"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":1,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-05T14:40:32.495Z"}},{"type":"Public","name":"PageSplit","owner":"EvasionEDR","isFork":true,"description":"Splitting and executing shellcode across multiple pages","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":13,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-06-08T01:18:28.315Z"}},{"type":"Public","name":"donut","owner":"EvasionEDR","isFork":true,"description":"Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":623,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-04-26T21:11:01.677Z"}},{"type":"Public","name":"AV-EPP-EDR-Windows-API-Hooking-List","owner":"EvasionEDR","isFork":true,"description":"Depending on the AV/EDR we will check which Windows APIs are hooked by the AV/EDR","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":33,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-04-16T12:07:41.855Z"}},{"type":"Public","name":"EntropyReducer","owner":"EvasionEDR","isFork":true,"description":"Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":55,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-03-04T13:51:47.604Z"}},{"type":"Public","name":"hw-call-stack","owner":"EvasionEDR","isFork":true,"description":"Use hardware breakpoints to spoof the call stack for both syscalls and API calls","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":28,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-03-03T16:27:29.458Z"}},{"type":"Public","name":"plague","owner":"EvasionEDR","isFork":true,"description":"Default Detections for EDR","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":12,"license":"GNU General Public License v3.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-02-19T16:08:00.853Z"}},{"type":"Public","name":"CallStackMasker","owner":"EvasionEDR","isFork":true,"description":"A PoC implementation for dynamically masking call stacks with timers.","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":33,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-02-13T17:04:16.270Z"}},{"type":"Public","name":"ntdlll-unhooking-collection","owner":"EvasionEDR","isFork":true,"description":"different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":37,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-02-07T16:54:50.587Z"}},{"type":"Public","name":"Alcatraz","owner":"EvasionEDR","isFork":true,"description":"x64 binary obfuscator","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":241,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-01-16T23:09:49.838Z"}},{"type":"Public","name":".NET-Obfuscator","owner":"EvasionEDR","isFork":true,"description":"Lists of .NET Obfuscator (Free, Freemium, Paid and Open Source )","allTopics":[],"primaryLanguage":null,"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":211,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-12-13T13:50:18.246Z"}},{"type":"Public","name":"PatchThatAMSI","owner":"EvasionEDR","isFork":true,"description":"this repo contains 6 AMSI patches , both force the triggering of a conditional jump inside AmsiOpenSession() that close the Amsi scanning session. The 1st patch by corrupting the Amsi context header and the 2nd patch by changing the string \"AMSI\" that will be compared to the Amsi context header to \"D1RK\". The other just set ZF to 1.","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":0,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-10-22T13:30:26.714Z"}},{"type":"Public","name":"NoRunPI","owner":"EvasionEDR","isFork":true,"description":"Run Your Payload Without Running Your Payload","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":29,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-10-16T16:19:17.739Z"}},{"type":"Public","name":"Janus","owner":"EvasionEDR","isFork":true,"description":"Janus is a pre-build event that performs string obfuscation during compile time. This project is based off the CIA's Marble Framework","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":32,"license":"GNU General Public License v3.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-10-14T04:52:30.880Z"}},{"type":"Public","name":"ObfLoader","owner":"EvasionEDR","isFork":false,"description":"MAC, IPv4, UUID shellcode Loaders and Obfuscators to obfuscate the shellcode and using some native API to converts it to it binary format and loads it.","allTopics":[],"primaryLanguage":{"name":"C++","color":"#f34b7d"},"pullRequestCount":0,"issueCount":0,"starsCount":3,"forksCount":35,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-10-06T05:09:57.017Z"}},{"type":"Public","name":"Obfuscator","owner":"EvasionEDR","isFork":true,"description":"A program for obfuscating C strings","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":7,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-09-21T10:30:54.196Z"}},{"type":"Public","name":"c_syscalls","owner":"EvasionEDR","isFork":true,"description":"Single stub direct and indirect syscalling with runtime SSN resolving for windows. ","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":21,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-09-12T12:16:29.783Z"}},{"type":"Public","name":"ProtectMyTooling","owner":"EvasionEDR","isFork":true,"description":"[壳] Multi-Packer allowing to daisy-chain over 29 packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with your implant, it does a lot of sneaky things and spits out obfuscated executable.","allTopics":[],"primaryLanguage":{"name":"PowerShell","color":"#012456"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":124,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-07-15T10:23:06.556Z"}},{"type":"Public","name":"Mangle","owner":"EvasionEDR","isFork":true,"description":"Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs","allTopics":[],"primaryLanguage":{"name":"Go","color":"#00ADD8"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":153,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-21T19:53:38.287Z"}},{"type":"Public","name":"DllToShellCode","owner":"EvasionEDR","isFork":true,"description":"Fast Conversion Windows Dynamic Link Library To ShellCode","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":127,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-03-10T09:43:54.918Z"}},{"type":"Public","name":"EtwTi-Syscall-Hook","owner":"EvasionEDR","isFork":true,"description":"A simple program to hook the current process to identify the manual syscall executions on windows","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":45,"license":"BSD 2-Clause \"Simplified\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-01-09T00:13:22.288Z"}}],"repositoryCount":33,"userInfo":null,"searchable":true,"definitions":[],"typeFilters":[{"id":"all","text":"All"},{"id":"public","text":"Public"},{"id":"source","text":"Sources"},{"id":"fork","text":"Forks"},{"id":"archived","text":"Archived"},{"id":"template","text":"Templates"}],"compactMode":false},"title":"EvasionEDR repositories"}