Projects in Awesome Lists by VirtualAlllocEx
A curated list of projects in awesome lists by VirtualAlllocEx.
https://github.com/virtualalllocex/defcon-31-syscalls-workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
antivirus-bypass antivirus-evasion direct-syscalls edr-bypass edr-evasion indirect-syscalls malware-analysis malware-development malware-development-guide shellcode shellcode-loader syscalls windows-internals workshop
Last synced: 04 Apr 2025
https://github.com/virtualalllocex/payload-download-cradles
These are different types of download cradles, intended as inspiration for playing with and creating new download cradles to bypass AV/EPP/EDR in the context of download-cradle detections.
antivirus-evasion bypass-antivirus bypass-edr edr-evasion payload
Last synced: 10 Apr 2025
https://github.com/VirtualAlllocEx/Payload-Download-Cradles
These are different types of download cradles, intended as inspiration for playing with and creating new download cradles to bypass AV/EPP/EDR in the context of download-cradle detections.
antivirus-evasion bypass-antivirus bypass-edr edr-evasion payload
Last synced: 12 Jul 2025
https://github.com/virtualalllocex/create-thread-shellcode-fetcher
This POC lets you compile a .exe that completely avoids static detection of your C2 shellcode by AV/EPP/EDR, and that downloads and executes the C2 shellcode hosted on your (C2) webserver.
antivirus-evasion bypass-antivirus edr-bypass msfvenom shellcode-injection shellcode-loader
Last synced: 09 Apr 2025
https://github.com/VirtualAlllocEx/Create-Thread-Shellcode-Fetcher
This POC lets you compile a .exe that completely avoids static detection of your C2 shellcode by AV/EPP/EDR, and that downloads and executes the C2 shellcode hosted on your (C2) webserver.
antivirus-evasion bypass-antivirus edr-bypass msfvenom shellcode-injection shellcode-loader
Last synced: 07 Sep 2025
https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
av-bypass av-evasion direct-syscalls edr-bypass edr-evasion indirect-syscalls shellcode-loader windows-int
Last synced: 04 Apr 2025
https://github.com/virtualalllocex/direct-syscalls-vs-indirect-syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
av-bypass av-evasion direct-syscalls edr-bypass edr-evasion indirect-syscalls shellcode-loader windows-int
Last synced: 11 Jul 2025
https://github.com/virtualalllocex/taskschedule-persistence-download-cradles
Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged.
antivirus-evasion bypass-antivirus bypass-edr edr-evasion payload
Last synced: 03 Jan 2026
https://github.com/virtualalllocex/direct-syscalls-a-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level), and finally to direct syscalls (low level).
Last synced: 11 Jul 2025
https://github.com/virtualalllocex/shell-we-assembly
Shellcode execution via x86 inline assembly based on MSVC syntax.
av-bypass av-evasion edr-bypass edr-evasion inline-assembly windows-internals
Last synced: 14 Apr 2025