Features

A comprehensive list of EvadeX's features. If you have additional questions about what's listed below, don't hesitate to reach out.

Evasion techniques

Compile-Time API Hashing
Novel Memory Scan Evasion (Caro Kann Execution)
AMSI Patching
ETW Patching
AES-256 Shellcode Encryption
Base32 Shellcode Encoding
Anti-AV Signature Technology
Payload Entropy Reduction
API Hammering
Randomized Polymorphism
Advanced Unlinking of EDR/AV Modules
Anti-debug Capability
Anti-Virtual Machine and Sandbox Capability
Drip Allocation
Private Persistence Mechanism
Private Execution Timing Options
Private Execution Method
Advanced Process Injection
Callstack Spoofing
Shellcode Staging

Coming soon

Private Stage-0 C2 for macOS and Linux (NixX)

Coming soon

Obfuscation Customizations

File Bloating
Code Signing
Certificate Stealing
Executable Metadata (Icon, Filename, Copyright, etc.)
Binary Creation and Kill Date
Execution Delay
Pre-load Network Modules

Product Support and Infrastructure

First-Class API Integration
Online Payload Creation (No AV/EDR exclusion needed)
Direct Line of Communication with Dev Team
Custom Payload Support
Large Payload Support
Built-in Payload Library (Execute Cmd, Add User, etc.)
Predefined EDR Evasion Templates

Executable Customizations

Standard Output Packing Formats (zip, 7zip, img)
DLL Function Name
Domain, hostname, and username guardrails/pinning
Watermarking
XLL & SFX Output Formats
DLL Proxying
ClickOnce Application Output Format
DLL Sideloading LNK
Add APT strings in multiple languages