TartarusGate, Bypassing EDRs

Overview

Tartarus' Gate - Bypassing EDRs

Description

Hell's Gate evolved to Halo's Gate to bypass EDRs by unhooking some of them and now it turned to Tartarus' Gate to handle even more WINAPI hooking methods.

I have added some more ASM commands just for "obfuscation" for the syscalls.
To use, just simply replace without shellcode, that is in .text segment on purpose although it will work in any other segments. I will let you figure out why.

The custom method of "memcpy" is replaced with NtWriteVirtualMemory since it did not work very well with certain EDRs but if you still want to use it, just comment the line of NtWriteVirtualMemory and uncomment the VxMoveMemory.

Credits / References

Reenz0h from @SEKTOR7net (Creator of the HalosGate technique )
@smelly__vx & @am0nsec ( Creators/Publishers of the Hells Gate technique )
Owner
Thanasis Tserpelis
Penetration Tester & Security Vulnerability Researcher | OSCP | OSEE | OSWP | OSCE
Thanasis Tserpelis
Evasive shellcode loader for bypassing event-based injection detection (PoC)

(cleaned up version here: https://github.com/xinbailu/DripLoader-Ops) DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection de

Filip Olszak 520 Aug 3, 2022
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.

UAC bypass - DLL hijacking Description This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Summary

null 194 Aug 8, 2022
Evasive shellcode loader for bypassing event-based injection detection (PoC)

DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection. The project

Filip Olszak 521 Aug 8, 2022
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc

Introduction RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks,

Halil Dalabasmaz 372 Aug 8, 2022
EasyAntiCheat bypassing driver

EasyEACBypass EasyAntiCheat bypassing driver (23/01/2022) KernelMode driver with some parts not included so no pasta! Includes This driver includes a

0xfaer 34 Jul 30, 2022
This repo contains information about EDRs that can be useful during red team exercise.

EDRs This repo contains information about EDRs that can be useful during red team exercise. patch_syscall_dynamically64.c This proof-of-concept is res

Mr.Un1k0d3r 1.5k Aug 12, 2022
This is a brand-new technique for shellcode injection to evade AVs and EDRs

This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stomping and has some similarities. As to this date (23-01-2022) also hollows-hunter doesn't find it.

Idov 567 Aug 11, 2022
Bypassing EAC integrity checks by abusing a TOCTOU in Dead by Daylight.

RACEAC Bypassing EAC integrity checks by abusing a TOCTOU in Dead by Daylight. A few words In an attempt to stop people from cheating by modifying gam

Layle | Luca 21 May 1, 2022
Evasive shellcode loader for bypassing event-based injection detection (PoC)

(cleaned up version here: https://github.com/xinbailu/DripLoader-Ops) DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection de

Filip Olszak 520 Aug 3, 2022
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.

UAC bypass - DLL hijacking Description This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Summary

null 194 Aug 8, 2022
Evasive shellcode loader for bypassing event-based injection detection (PoC)

DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection. The project

Filip Olszak 521 Aug 8, 2022
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc

Introduction RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks,

Halil Dalabasmaz 372 Aug 8, 2022
EasyAntiCheat bypassing driver

EasyEACBypass EasyAntiCheat bypassing driver (23/01/2022) KernelMode driver with some parts not included so no pasta! Includes This driver includes a

0xfaer 34 Jul 30, 2022