FourCoreLabs / EDRHunt
Scan installed EDRs and AVs on Windows
☆577 · Updated last year
Alternatives and similar repositories for EDRHunt:
Users that are interested in EDRHunt are comparing it to the libraries listed below
- Hunts out CobaltStrike beacons and logs operator command output ☆910 · Updated 6 months ago
- SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion. ☆1,069 · Updated 11 months ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… ☆1,194 · Updated last year
- Some notes and examples for cobalt strike's functionality ☆1,008 · Updated 3 years ago
- Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire. ☆357 · Updated last year
- ☆1,047 · Updated last year
- Scan files or process memory for CobaltStrike beacons and parse their configuration ☆906 · Updated 3 years ago
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping … ☆938 · Updated 2 weeks ago
- C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. ☆1,047 · Updated 8 months ago
- Cobalt Strike UDRL for memory scanner evasion. ☆909 · Updated 9 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK ☆320 · Updated last year
- Aims to identify sleeping beacons ☆569 · Updated 3 months ago
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for… ☆476 · Updated last year
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,… ☆703 · Updated last year
- Situational Awareness commands implemented using Beacon Object Files ☆1,338 · Updated 2 months ago
- Useful C2 techniques and cheatsheets learned from engagements ☆468 · Updated this week
- Cobalt Strike random C2 Profile generator ☆650 · Updated 2 years ago
- Another Windows Local Privilege Escalation from Service Account to System ☆833 · Updated 2 years ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process. ☆391 · Updated 6 months ago
- Detect and respond to Cobalt Strike beacons using ETW. ☆487 · Updated 2 years ago
- a tool to help operate in EDRs' blind spots ☆721 · Updated 3 months ago
- My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+ ☆1,066 · Updated last year
- ☆467 · Updated 3 months ago
- TCP Port Redirection Utility ☆697 · Updated 2 years ago
- ☆936 · Updated 2 weeks ago
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques. ☆468 · Updated 2 years ago
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,… ☆257 · Updated last year
- ☆507 · Updated 3 years ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by … ☆741 · Updated last year
- Ransomware simulator written in Golang ☆426 · Updated 2 years ago