EspressoCake/DefenderPathExclusions external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

EspressoCake/DefenderPathExclusions

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/EspressoCake/DefenderPathExclusions)

Close

EspressoCake / DefenderPathExclusionsView on GitHubMore

• External links
• Readme badge

Creation and removal of Defender path exclusions and exceptions in C#.

☆32Nov 1, 2023Updated 2 years ago

Alternatives and similar repositories for DefenderPathExclusions

Users that are interested in DefenderPathExclusions are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• EspressoCake / Defender-Exclusions-Creator-BOF

  View on GitHub
  ☆84Nov 1, 2023Updated 2 years ago
• Bl4ckM1rror / PEAs

  View on GitHub
  ☆60Dec 15, 2023Updated 2 years ago
• antroguy / LocklessBof

  View on GitHub
  Lockless BOF
  ☆79May 2, 2025Updated last year
• Faran-17 / EarlyBird-APC-Injection

  View on GitHub
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆36Oct 31, 2023Updated 2 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆103Oct 7, 2023Updated 2 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• splexas / TrampHooker

  View on GitHub
  A mechanism that trampoline hooks functions in x86/x64 systems.
  ☆21Oct 9, 2024Updated last year
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago
• sidaf / moonshine

  View on GitHub
  ☆70Oct 30, 2023Updated 2 years ago
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆159Nov 7, 2023Updated 2 years ago
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆42Aug 28, 2024Updated last year
• tijme / cmstplua-uac-bypass

  View on GitHub
  Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.
  ☆218Oct 9, 2022Updated 3 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆256Jun 25, 2023Updated 3 years ago
• hackerhouse-opensource / CompMgmtLauncher_DLL_UACBypass

  View on GitHub
  CompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive
  ☆109Feb 2, 2026Updated 4 months ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 3 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆81Sep 20, 2023Updated 2 years ago
• xforcered / BOFMask

  View on GitHub
  ☆128Jun 28, 2023Updated 3 years ago
• RistBS / ContextMenuHijack

  View on GitHub
  Execute a payload at each right click on a file/folder in the explorer menu for persistence
  ☆174Mar 15, 2023Updated 3 years ago
• S12cybersecurity / NinjaInjector

  View on GitHub
  Classic Process Injection with Memory Evasion Techniques implemantation
  ☆74Oct 28, 2023Updated 2 years ago
• RixedLabs / IDLE-Abuse

  View on GitHub
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Apr 4, 2023Updated 3 years ago
• leftp / DPAPISnoop

  View on GitHub
  A C# tool to output crackable DPAPI hashes from user MasterKeys
  ☆147Jun 12, 2026Updated 2 weeks ago
• Haunted-Banshee / Shellcode-Hastur

  View on GitHub
  Shellcode Reductio Entropy Tools
  ☆74Oct 8, 2023Updated 2 years ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆180Mar 27, 2023Updated 3 years ago
• 0xv1n / Havoc-ProfileGenerator

  View on GitHub
  malleable profile generator GUI for Havoc
  ☆55Apr 28, 2023Updated 3 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• OG-Sadpanda / SharpSword

  View on GitHub
  Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
  ☆118Sep 30, 2024Updated last year
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆256Jun 6, 2024Updated 2 years ago
• Hackcraft-Labs / SharpShares

  View on GitHub
  Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
  ☆34Nov 13, 2023Updated 2 years ago
• Cipher7 / ChaiLdr

  View on GitHub
  AV bypass while you sip your Chai!
  ☆224May 17, 2024Updated 2 years ago
• paranoidninja / Proxy-DLL-Loads

  View on GitHub
  The code is a pingback to the Dark Vortex blog:
  ☆190Jan 26, 2023Updated 3 years ago
• byt3bl33d3r / NimDllSideload

  View on GitHub
  DLL sideloading/proxying with Nim!
  ☆175Dec 4, 2022Updated 3 years ago
• FuzzySecurity / Magikarp

  View on GitHub
  ECC Public Key Cryptography
  ☆37Oct 29, 2023Updated 2 years ago
• Crypt0s / Ekko_CFG_Bypass

  View on GitHub
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆116Aug 29, 2022Updated 3 years ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆295Jun 12, 2026Updated 2 weeks ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• hackerhouse-opensource / Stinger

  View on GitHub
  CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as A…
  ☆301Feb 2, 2026Updated 4 months ago
• MalwareTech / EDRception

  View on GitHub
  A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  ☆203Dec 27, 2023Updated 2 years ago
• frkngksl / UnlinkDLL

  View on GitHub
  DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
  ☆64Apr 4, 2026Updated 2 months ago
• Maldev-Academy / Christmas

  View on GitHub
  PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
  ☆260Jan 21, 2024Updated 2 years ago
• passthehashbrowns / BOFMask

  View on GitHub
  ☆131Jun 28, 2023Updated 3 years ago
• YOLOP0wn / POSTDump

  View on GitHub
  ☆344Updated this week
• deepinstinct / ContainYourself

  View on GitHub
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆320Aug 31, 2023Updated 2 years ago