Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.

Sandbox evasion code snippets developped in Golang

I completely russified and modified njrat and added an interface I am not criminally responsible for what you do with my program

Sandbox/Heuristic PowerShell Bypass

The RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.

A tool for stealth persistence and bypassing security controls on Windows systems through shadow cache manipulation and direct syscall invocation.