AbishekPonmudi / PlanqX_EDR-Endpoint-Detection-and-Response
PlanqX EDR is an open-source, advanced Endpoint Detection and Response (EDR) solution for Windows, offering real-time system and network security. Features include API hooking, ELAM, ETW integration, AMSI, kernel-mode and APC callbacks, and baseline detection to provide comprehensive threat defense across boot-time and runtime.
☆15 · Updated 2 months ago
Alternatives and similar repositories for PlanqX_EDR-Endpoint-Detection-and-Response
Users that are interested in PlanqX_EDR-Endpoint-Detection-and-Response are comparing it to the libraries listed below
- Reverse Engineering and Malware Analysis Roadmap ☆349 · Updated last month
- Some POCs for my BYOVD research and find some vulnerable drivers ☆302 · Updated 3 weeks ago
- (no description) ☆345 · Updated last month
- Cybersecurity research results. Simple C/C++ and Python implementations ☆248 · Updated last week
- PoCs for kernel-mode rootkit techniques research. ☆378 · Updated 6 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆548 · Updated last week
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆230 · Updated 9 months ago
- Controlling Windows PP(L)s ☆339 · Updated 2 years ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆202 · Updated last year
- Process Injection using Thread Name ☆275 · Updated 3 months ago
- Important notes and topics on my journey towards mastering Windows Internals ☆403 · Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆230 · Updated 2 months ago
- Centralized resource for listing and organizing known injection techniques and POCs ☆595 · Updated 3 weeks ago
- A small x64 library to load DLLs into memory. ☆448 · Updated last year
- Collect Windows telemetry for Maldev ☆394 · Updated last week
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆503 · Updated last year
- (no description) ☆312 · Updated 3 years ago
- Pure Malware Development Resource Collections ☆341 · Updated 7 months ago
- (no description) ☆258 · Updated last year
- Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. ☆287 · Updated last year
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆452 · Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆563 · Updated last year
- Reverse engineering the WinAPI function LoadLibrary. ☆209 · Updated 2 years ago
- (no description) ☆403 · Updated 8 months ago
- A set of fully-undetectable process injection techniques abusing Windows Thread Pools ☆1,149 · Updated last year
- A method to execute syscalls while bypassing EDR's function hooking and call stack analysis. ☆22 · Updated 3 months ago
- TartarusGate, Bypassing EDRs ☆603 · Updated 3 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆273 · Updated last year
- The 《Windows 内核安全编程技术实践》 (Windows Kernel Security Programming: Technical Practice) book series, exploring the core principles and implementation details of Anti-RootKit kernel tools. ☆66 · Updated 2 years ago
- Win32 and Kernel abusing techniques for pentesters ☆958 · Updated last year