Multilayered AV/EDR Evasion Framework (no longer actively maintained)
Updated Mar 28, 2026 - C++
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features, with dual-build support.
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.
Generator of https://github.com/TheWover/donut in pure Go. Supports compression, AMSI/WLDP/ETW bypass, etc.
Event Tracing for Windows EDR bypass in Rust (usermode)
A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
Modern WinRM shell for red teams and CTFs with automated tool staging, AV bypass, recon, and credential/loot extraction
Loads a C# binary in memory within powershell profile, patching AMSI + ETW.
Go offensive-security research library — 15+ injection methods, AMSI/ETW/ntdll-unhook evasion, sleep mask (Ekko × XOR/RC4/AES), call-stack spoof, BYOVD (RTCore64) + kernel callback removal, LSASS dump + pure-Go MSV1_0 parser w/ PPL bypass, recon (sandbox/VM/debugger/dllhijack), PE ops (sRDI/BOF/CLR), Meterpreter C2, UAC bypass, CVE-2024-30088 LPE.
Header-only Windows x64 indirect syscall library. Zero CRT, zero IAT, VEH anti-BP, AMSI/ETW bypass, W^X memory, per-call dynamic stubs.
Clean forensic traces on Linux, macOS, and Windows with Nyx. This alpha tool helps maintain privacy by removing various system artifacts. 🐙💻
Diabellstar is a Rust-based tool that performs ETW bypass by patching the NtTraceEvent function in ntdll.dll