AlteredSecurity / Disable-TamperProtectionLinks
A POC to disable TamperProtection and other Defender / MDE components
☆225Updated last year
Alternatives and similar repositories for Disable-TamperProtection
Users that are interested in Disable-TamperProtection are comparing it to the libraries listed below
Sorting:
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆255Updated 6 months ago
- Hide your P/Invoke signatures through other people's signed assemblies☆210Updated last year
- C# AV/EDR Killer using less-known driver (BYOVD)☆180Updated last year
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆209Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆164Updated last year
- ☆204Updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆196Updated 2 years ago
- Ghosting-AMSI☆218Updated 5 months ago
- Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applicatio…☆136Updated 9 months ago
- ☆158Updated 9 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆197Updated last year
- 「💀」Proof of concept on BYOVD attack☆163Updated 10 months ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆309Updated last year
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆154Updated last year
- Sleep obfuscation☆242Updated 9 months ago
- Build sneaky & malicious LNK files.☆146Updated 2 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆192Updated 10 months ago
- This repository implements Threadless Injection in C☆171Updated last year
- ☆189Updated last year
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆155Updated 2 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆225Updated 7 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆378Updated 9 months ago
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆173Updated 6 months ago
- Injecting DLL into LSASS at boot☆142Updated 5 months ago
- ☆182Updated 3 months ago
- A PowerShell console in C/C++ with all the security features disabled☆274Updated 4 months ago
- Extracting NetNTLM without touching lsass.exe☆239Updated last year
- ☆197Updated last year
- Use hardware breakpoint to dynamically change SSN in run-time☆267Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass☆354Updated 2 years ago