/d/hacking


Crypters, AV/EDR Evasion

by /u/fraudboy69 · 1 votes · 3 weeks ago

Can anyone suggest a good crypting service first of all? A lot of shitty ones, scams, or extremely overpriced services.

Then can anyone give more general advice about evading AV and EDR? I know there are various methods, like making an obfuscated PowerShell script to turn off Windows Defender, or adding your file or the entire C: directory to the exception list so that WD won't scan it. Anyone know any more tactics? Should I combine various tactics? Okay, this is something that's possible to figure out on my own, I reckon. But when it comes to EDRs, how do people evade them? So many different things can trigger an EDR; fairly innocuous activity on a workstation can trigger it. How do you bypass this? If I am targeting a victim whom I know has an EDR installed on their network/computer, what do I do to evade that? I know this may not necessarily be the best forum, but I'm not sure where else to ask these kinds of questions.
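The two Defender-tampering moves named in the post (switching real-time protection off, and excluding a file or the whole C: drive) both leave a visible trail on the host. The following PowerShell audit is an added example from the defender's side, not code from the thread or its posters: it reads the current Defender preferences and status, flags the weak configurations the post describes, and pulls the "configuration changed" events that record when an exclusion or protection setting was altered. The cmdlets and the event ID 5007 are real; the path and extension patterns treated as suspicious are heuristics chosen here, not a Microsoft list, and the script assumes an elevated session on a Windows host with the Defender module available.

```powershell
# Added example (not from the thread): audit the Defender settings an attacker
# would change and surface the events that record the change.
# Assumes: Windows host with the Defender PowerShell module, elevated session.

$pref   = Get-MpPreference
$status = Get-MpComputerStatus
$findings = @()

# 1. Protection switched off: what a "turn off Defender" script leaves behind.
if ($pref.DisableRealtimeMonitoring -or -not $status.RealTimeProtectionEnabled) {
    $findings += 'Real-time monitoring is disabled'
}
if (-not $status.IsTamperProtected) {
    $findings += 'Tamper protection is off: local scripts can change these settings'
}

# 2. Over-broad exclusions. A drive root or a user-writable directory excluded
#    from scanning is the "add C:\ to the exception list" case from the post.
#    These patterns are constructed heuristics for this example.
$driveRoot = '^[A-Za-z]:\\?$'
$userDirs  = '^(?i)(C:\\Users|C:\\ProgramData|C:\\Windows\\Temp)'
foreach ($p in @($pref.ExclusionPath | Where-Object { $_ })) {
    if ($p -match $driveRoot)    { $findings += "Drive root excluded: $p" }
    elseif ($p -match $userDirs) { $findings += "User-writable path excluded: $p" }
}
foreach ($e in @($pref.ExclusionExtension | Where-Object { $_ })) {
    if ($e -match '^\.?(?i)(exe|dll|ps1|bat|vbs|js)$') {
        $findings += "Executable extension excluded: $e"
    }
}

# 3. When and what changed: Defender logs event 5007 ("configuration changed")
#    with the old and new registry value, including Exclusions\Paths entries.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions|DisableRealtimeMonitoring|DisableAntiSpyware' }

if ($findings.Count -eq 0) { Write-Host 'No weak Defender configuration found' }
$findings | ForEach-Object { Write-Warning $_ }
$events | Select-Object TimeCreated, Message | Format-List
```

Run it as a scheduled check or from an EDR's script-execution feature; the 5007 events are the part worth forwarding to a SIEM, since they name the changed setting and survive even after the exclusion has been removed again.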

Comments (11)
/u/Bros_Unwanted_Creampie · 1 votes · 3 weeks ago

[removed]

/u/fraudboy69 OP · 1 votes · 3 weeks ago

If AV is off, how will the computer remove it? If it is never detected by signature or behavior, how will AV remove it?

You sure about that? There are definitely still botnets that exist these days.

Where do I find pure crypter?

/u/Bros_Unwanted_Creampie · 1 votes · 3 weeks ago

[removed]

/u/fredzones · 1 votes · 2 weeks ago

Who is smoke?

/u/Bros_Unwanted_Creampie · 1 votes · 2 weeks ago

[removed]

/u/fredzones · 1 votes · 2 weeks ago

But is he legit?

By dirty, you mean doxxed, or working with FSB?

/u/Bros_Unwanted_Creampie · 1 votes · 2 weeks ago

[removed]

/u/fredzones · 1 votes · 2 weeks ago

Where can I find this "dirty Russian" aka Selective Scammer?

/u/Bros_Unwanted_Creampie · 1 votes · 2 weeks ago

He mostly works on random Russian forums. Hack Forums will know exactly where he is.

/u/sport · 1 votes · 3 weeks ago

It's a highly complicated and deep topic. You won't find an AV/EDR bypass. There are just some things that work and some that don't. In my experience, most things might work one day but the next day they don't. Things like native syscalls, hardware breakpoints, DLL unhooking, etc. can help if you know how to work with them and remove known signatures. If you don't know opsec, even after bypassing EDR your beacon or implant will be killed immediately. There are a lot of blogs online. Read them. Learn it. There are also some tools that you can buy from legitimate red teams that sell them for a price that can help, but not unless you know what you're doing.

/u/fraudboy69 OP · 1 votes · 2 weeks ago

I have looked at some of these blogs online. It's mainly EDR that I want to know how to bypass, AV is easier. How would the implant be "killed immediately" if you unhooked the system or something? Removing known signatures? If you mean file signatures, then easy, but do you mean like behavioral detection or something?