Freeze
Limelighter
Freeze | Limelighter |
---|---|
8 | 4 |
1,317 | 843 |
- | - |
5.0 | 0.0 |
9 months ago | about 1 year ago |
Go | Go |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Freeze
- Red team engagement help!
- Bypassing Windows Defender 2023
  At the moment I am trying to obfuscate a cobaltstrike exe beacon. I tried with https://github.com/optiv/Freeze and with a custom shellcode loader (encrypted in AES) in C++ but I didn't get any luck.
- Freeze - a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
- Freeze - Payload Generation Toolkit for Bypassing EDR
- Freeze: Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods on Windows
Limelighter
- Red team engagement help!
  Use lime lighter to fake code sign for better static detection evasion https://github.com/Tylous/Limelighter
- Limelighter - A tool for generating fake code signing certificates or signing real ones
- LimeLighter - A tool for generating fake code signing certificates or signing real ones
What are some alternatives?
SigThief - Stealing Signatures and Making One Invalid Signature at a Time
certerator - A tool to generate a custom code signing certificate chain and generate instructions to sign a binary. Useful for establishing persistence on a penetration test.
ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
NSGenCS - Extendable payload obfuscation and delivery framework
aes_dinvoke - a repository that contains the program.cs source file that has D/Invoke bare minimum implementation and AES encryption for shellcode execution
AceLdr - Cobalt Strike UDRL for memory scanner evasion.
go - The Go programming language
EDRs
CarbonCopy - A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux