[Defcon tool] Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion

Zombie Ant Farm: A Kit For Playing Hide and Seek with Linux EDRs

Why?

Because monolithic offensive tools are never enough and building your own offensive strategies and tools is fun.

What?

• Offensive Preloading Primitives and Building Blocks.
• Distributed Payload Warehousing and Delivery Service.
• In-Memory Payload Delivery Assistant.
• ASLR Weakening shims
• Reflectively evasive techniques.

Components

• ZAF Preloaders
• ZAF Evasion Primitives
• ZAF Warehouse Service
• In-memory execution and preload
• ASRL Weakening Kits.