An Active Defense and EDR software to empower Blue Teams

Little user-mode AV/EDR evasion lab for training & learning purposes

Enumerate and disable common sources of telemetry used by AV/EDR.

Evasive shellcode loader for bypassing event-based injection detection (PoC)

iMonitor（冰镜 - 终端行为分析系统）

Security product hook detection

Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution

This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

Repository to publish your evasion techniques and contribute to the project

A tool for monitoring system events and sending relevant information to the EDR server for further analysis and response.