C:\Users\Offensive-Panda>whoami
My name is Usman Sikander (a.k.a. Offensive-Panda). I am passionate about identifying and researching advanced evasion techniques and analyzing real-world samples to extract TTPs to validate security posture through APT emulations. With a proven track record in developing undetected exploits across MITRE ATT&CK tactics and automating exploit processes, I excel in comprehensive endpoint simulations in a controlled environment with security controls present.
Defense Evasion Techniques
Welcome to the Defense Evasion Techniques Repository! This curated collection offers advanced methods to bypass sophisticated security measures in Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) systems. Aimed at cyber security professionals and researchers, these techniques are invaluable for both Red Team and Blue Team operations. This repository includes strategies for manipulating system calls, obfuscating code, managing memory to evade detection, and other advanced evasion techniques. By leveraging these methods, experts can enhance penetration testing, red teaming, and malware analysis, and develop more resilient defenses.
Evasion Techniques
| Technique | Description |
|---|---|
| Syscalls | Exploring ways to manipulate system calls to evade detection. |
| Direct and Indirect Calls | Strategies for making direct and indirect function calls to evade detection mechanisms. |
| API Hashing | Techniques for obfuscating and altering API calls to avoid detection. |
| Obfuscation | Methods to obfuscate code and make it harder to analyze. |
| Encryption | Use of encryption to bypass static analysis by EDRs. |
| Egg Hunting | In-memory patching of the syscall instruction to bypass static detection. |
| Random Instructions and Prototypes | Use of random NOP instructions and randomized API and prototype names to avoid static analysis. |
| Mockingjay | Use of a vulnerable DLL to avoid detection of RWX memory region creation. |
| Forking Technique | Use of the Windows fork API to clone the parent process after injecting shellcode, avoiding detection of CreateRemoteThread. |
| Unhooking | Removing EDR user-mode hooks using a clean copy of the DLL, a raw copy from a remote server, or a suspended process, to bypass EDRs. |
| ETW Patching | Applying ETW patching to avoid event-based detection. |
| PEB Lookup | Resolving SSNs and Native APIs at run time using PEB lookup, for 32-bit and 64-bit. |
| RWX Memory Block Hunt | Hunt for an already created RWX region to write and execute shellcode. This technique removes the dependency on a vulnerable DLL with an RWX section and on APIs that allocate RWX memory. |
| BYOVD | Bring Your Own Vulnerable Driver, which involves deploying drivers that are legitimately signed and can be successfully loaded into Windows systems to execute code in kernel context. |
My Blogs
My Posts
Github Repo
| Repository | Link |
|---|---|
| "D3MPSEC" is a memory dumping tool designed to extract a memory dump from the LSASS process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures. | https://github.com/Offensive-Panda/D3MPSEC |
| Combination of multiple evasion techniques to evade defenses (Dirty Vanity). | https://github.com/Offensive-Panda/DV_NEW |
| Capture_attacks_using_honeypots | https://github.com/Offensive-Panda/Collect_Threat_Intel_AND_Malware_Using_Honeypots |
| Persistence_AND_Anti_Sandbox | https://github.com/Offensive-Panda/Persistence_AND_Anti_Sandbox |
| on-disk-detection-bypass | https://github.com/Offensive-Panda/on-disk-detection-bypass |
| C2_Elevated_Shell_DLL_Hijcking | https://github.com/Offensive-Panda/C2_Elevated_Shell_DLL_Hijcking |
| RWX Hunting and Injection using Fork API | https://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV |
Evasion mastery and deep dive into threats.
Disclaimer
The content, techniques, and tools provided in this repository are intended solely for educational and research purposes within the cybersecurity community. I explicitly disclaim any responsibility for the misuse or unlawful use of the provided materials. Any actions taken based on the information are done so at the user's own risk.