Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

🌟[NEW] Log by Telegram+Clipper ✅ [0/70] FUD Stealer can bypass all antivirus (Our Grabber can grabs: Wallets, Passwords, Credit Card, Cookies, Autofills, All Discord Token and info, Telegram, Twitter, TikTok, Twitch, Spotify, Riot Games, Roblox, Steam, Wallet Injection and Backup code ( 2fa/a2f ). 🔑 ⚠Disclaimer: We're not liable for caused damage

What AV? 一款轻量级的杀软在线识别的项目，持续更新ing

🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.

A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for educational purposes only.

ShadeLoader is a shellcode loader designed to bypass most antivirus software. 壳代码, 杀毒软件, 绕过

The provided Python program, Inject-EXE.py, allows you to combine a malicious executable with a legitimate executable, producing a single output executable. This output executable will contain both the malicious and legitimate executables.

Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust

𝐀 𝐕 𝐊 𝐈 𝐋 𝐋 𝐄 𝐗 𝐄 𝐂

How to bypass windows defender by forcing uac

Red Teaming Tactics and Techniques

The most powerful stealer written in Python 3 and packed with a lot of features.

Generate obfuscated PowerShell commands using XOR logic with random keys!

Bypass Windows Defender with a persistent staged reverse shell using C code & metasploit framework

Windows RAT w/ antivirus bypass.

Hybrid Encryption Dropper with HWID system.

A simple, obfuscated in-memory injection script written in PowerShell that bypasses Windows Defender

Anti Malware Scan Interface (DLL) Bypass

Actively captures host computer’s clipboard content. Logs keystrokes into a readable text log. Takes a screenshot of host computer by every mouse-click occurrence. Encrypts all logs and images created by the tool. The python code itself is encrypted to hinder detection by anti-virus software.

WinRM Reverse Shell Using Powershell.