Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/matterpreter/DefenderCheck

Identifies the bytes that Microsoft Defender flags on.
https://github.com/matterpreter/DefenderCheck

csharp evasion research-tool

Last synced: 21 days ago
JSON representation

Identifies the bytes that Microsoft Defender flags on.

Host: GitHub
URL: https://github.com/matterpreter/DefenderCheck
Owner: matterpreter
License: bsd-3-clause
Created: 2019-04-09T14:03:46.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-09-14T18:42:39.000Z (about 1 year ago)
Last Synced: 2024-11-21T06:36:01.583Z (21 days ago)
Topics: csharp, evasion, research-tool
Language: C#
Size: 677 KB
Stars: 2,317
Watchers: 43
Forks: 399
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - matterpreter/DefenderCheck - Identifies the bytes that Microsoft Defender flags on. (C# #)

README

# DefenderCheck
Quick tool to help make evasion work a little bit easier.

> **Warning:** As of the 1.337.157.0 Defender signature update, [DefenderCheck is classified as VirTool:MSIL/BytzChk.C!MTB](https://twitter.com/matterpreter/status/1387858265686544393?s=20). As a workaround while I work to get around this, please disable Real-time Protection in Defender before compiling DefenderCheck.

Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.

![](/demo.gif)

**Note:** Defender must be enabled on your system, but the realtime protection and automatic sample submission features should be disabled.