evasion / edr

MENU

• articles
• eol
• tools
  • all-in-one
  • dropper
  • manual-loader
  • automatic-loader
  • generate-shellcode
  • manual-obfuscation
  • automatic-obfuscation
  • process-injection
  • detect-vm
  • from-pe-to-shellcode
  • from-alive-beacon

MUST-WATCH

🔥 GEMINI YT Channel 🔥

🔥 CMEPW BypassAV mindmap 🔥

_repo	_last_pushed	_stars	_watch	_language

articles

Date	EDR	Version	Bypass	Author
2023-02	Palo Alto XDR	-	auditconf
2022-09	Palo Alto XDR	7.8.0	regnreboot	@bentamam
2022-03	ALL	ALL	reflectiveDump	s3cur3th1ssh1t
2021-10	Windows Defender	x	viperone
2021-07	Palo Alto XDR	7.4.0	privescndisable	@mrdox
2021-02	ALL	ALL	scarecrow part 1	Optiv
2021-02	ALL	ALL	scarecrow part 2	Optiv
2020-11	Phantom	-	xxx

eol

• carbon black
• palo alto XDR

tools

all-in-one

_repo	_last_pushed	_stars	_watch	_language

dropper

_repo	_last_pushed	_stars	_watch	_language

manual-loader

_repo	_last_pushed	_stars	_watch	_language

automatic-loader

_repo	_last_pushed	_stars	_watch	_language

generate-shellcode

_repo	_last_pushed	_stars	_watch	_language

manual-obfuscation

_repo	_last_pushed	_stars	_watch	_language

automatic-obfuscation

_repo	_last_pushed	_stars	_watch	_language

process-injection

_repo	_last_pushed	_stars	_watch	_language

detect-vm

_repo	_last_pushed	_stars	_watch	_language

from-pe-to-shellcode

_repo	_last_pushed	_stars	_watch	_language

from-alive-beacon

_repo	_last_pushed	_stars	_watch	_language

recipes

• generate meterpreter
• install scarecrow
• instal garble

# generate the shellcode
./ScareCrow -I beacon.bin -domain -Loader dll -Exec VirtualAlloc

# target machine: run the shellcode
rundll32.exe  helloworld.dll, DllRegisterServer