Overview

Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is easy to use, quick, and fully automated: it generates a report that includes descriptions, screenshots and mitigation suggestions. It suits both blue and red teams assessing the post-exploitation phase.

Requirements

Usage instructions

Download the Evasor project and compile it. Make sure to exclude the App.config file from the project's reference tree.

<img src="https://github.com/cyberark/Evasor/blob/master/devenv_vTcX5EfWI2.png" width="1000">

Run Evasor.exe from the bin folder. Choose your numeric option from the following:

<img src="https://github.com/cyberark/Evasor/blob/master/Evasor_WCpOGoPmka.png" width="1000">
  1. Locating executable files that can be used to bypass the Application Control!
  1. Locating processes that are vulnerable to DLL Hijacking!
  1. Locating potentially hijackable resource files
  1. Generating an automatic assessment report as a Word document that includes a description of the tests and the screenshots taken.

Contributing

We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our contributing guide.

License

This repository is licensed under Apache License 2.0 - see LICENSE for more details.

Share Your Thoughts And Feedback

For more comments, suggestions or questions, you can contact Arik Kublanov from CyberArk Labs. You can find more projects developed by us at https://github.com/cyberark/.

Copyright © 2020 CyberArk Software Ltd. All rights reserved.

Notes