DefenderCheck
mortar
| | DefenderCheck | mortar |
|---|---|---|
| | 3 | 3 |
| Stars | 2,130 | 1,348 |
| Growth | - | 1.0% |
| Activity | 2.5 | 5.7 |
| | 8 months ago | 4 months ago |
| Language | C# | Pascal |
| License | BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DefenderCheck
- DefenderCheck - Identifies the bytes that Microsoft Defender flags on.
- DefenderCheck: Identifies the bytes that Microsoft Defender flags on
- Anyone else having trouble bypassing Defender since yesterday?
  Try using DefenderCheck to see what the offending bytes are. Also, have you tried any AMSI bypasses?
mortar
- Mortar Loader: evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR) - Mortar Loader performs encryption and decryption of a selected binary inside memory streams and executes it directly without writing any malicious indicator to the hard drive
- mortar: evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
  It is now fixed; it was an issue with the encryptor. https://github.com/0xsp-SRD/mortar/issues/1
What are some alternatives?
ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
TelemetrySourcerer - Enumerate and disable common sources of telemetry used by AV/EDR.
awesome-dotnet-core - A collection of awesome .NET core libraries, tools, frameworks and software
Veil - Veil 3.1.X (Check version info in Veil at runtime)
Roslyn - The Roslyn .NET compiler provides C# and Visual Basic languages with rich code analysis APIs.
URL-obfuscator - Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.
Chimera - Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
Avalonia - Develop Desktop, Embedded, Mobile and WebAssembly apps with C# and XAML. The most popular .NET UI client technology
Payload-Download-Cradles - These are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in the context of download cradle detections.
Shhmon - Neutering Sysmon via driver unload
AntiCrack-DotNet - C# project containing plenty of advanced anti-debugging, anti-virtualization, anti-DLL-injection and anti-hooking techniques.