[Defcon tool] Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion

Zombie Ant Farm: A Kit For Playing Hide and Seek with Linux EDRs


Because monolithic offensive tools are never enough and building your own offensive strategies and tools is fun.


  • Offensive Preloading Primitives and Building Blocks.
  • Distributed Payload Warehousing and Delivery Service.
  • In-Memory Payload Delivery Assistant.
  • ASLR Weakening shims
  • Reflectively evasive techniques.


  • ZAF Preloaders
  • ZAF Evasion Primitives
  • ZAF Warehouse Service
  • In-memory execution and preload
  • ASRL Weakening Kits.

Install & Use

Copyright (c) 2019 D.Snezhkov

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services