Multilayered AV/EDR Evasion Framework (no longer actively maintained)
Updated Mar 28, 2026 - C++
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features and dual-build support.
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.
Generator of https://github.com/TheWover/donut in pure Go. Supports compression, AMSI/WLDP/ETW bypass, etc.
Event Tracing for Windows EDR bypass in Rust (usermode)
A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
Modern WinRM shell for red teams and CTFs with automated tool staging, AV bypass, recon, and credential/loot extraction
Loads a C# binary in memory within a PowerShell profile, patching AMSI + ETW.
Header-only Windows x64 indirect syscall library. Zero CRT, zero IAT, VEH anti-BP, AMSI/ETW bypass, W^X memory, per-call dynamic stubs.
Modular malware development library in Go - shellcode injection, defense evasion (AMSI/ETW/unhook), process herpaderping, C2 transport, syscall bypass, MITRE ATT&CK mapped
Clean forensic traces on Linux, macOS, and Windows with Nyx. This alpha tool helps maintain privacy by removing various system artifacts. 🐙💻
Diabellstar is a Rust-based tool that performs ETW bypass by patching the NtTraceEvent function in ntdll.dll