av-edr-evasion
Official
Bypass AV/EDR for payload delivery.
Author: blacklanternsecurity
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps penetration testers bypass antivirus and Endpoint Detection and Response (EDR) systems that block or quarantine malicious payloads during authorized security engagements.
Core Features & Use Cases
- Custom Payload Compilation: Generates custom DLLs and EXEs using Mingw-w64 or Go to evade signature-based detection.
- AMSI Bypass: Implements techniques to circumvent the Antimalware Scan Interface for PowerShell and script execution.
- Alternative Execution: Leverages LOLBins (Living Off The Land Binaries) and other methods to execute payloads when direct execution is blocked.
- ETW Patching: Reduces telemetry to evade detection by Event Tracing for Windows.
- Use Case: An attacker's initial payload was detected and quarantined by Windows Defender. This Skill can be used to recompile the payload as a custom DLL that bypasses Defender, allowing for continued exploitation.
Quick Start
Use the av-edr-evasion skill to compile a custom DLL payload that bypasses Windows Defender.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: av-edr-evasion
Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#av-edr-evasion
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.