HackingLZ / ExtractedDefender
☆214Updated 2 years ago
Alternatives and similar repositories for ExtractedDefender:
Users that are interested in ExtractedDefender are comparing it to the libraries listed below
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆169Updated 2 years ago
- Simple EDR implementation to demonstrate bypass☆171Updated 4 years ago
- Experiment on reproducing Obfuscate & Sleep☆142Updated 4 years ago
- Execute PowerShell code at the antimalware-light protection level.☆140Updated 2 years ago
- Dump the memory of any PPL with a Userland exploit chain☆333Updated 2 years ago
- ☆112Updated 2 years ago
- You shall pass☆256Updated 2 years ago
- EDRSandblast-GodFault☆257Updated last year
- Enumerate various traits from Windows processes as an aid to threat hunting☆186Updated 3 years ago
- Load any Beacon Object File using Powershell!☆249Updated 3 years ago
- ☆189Updated 2 years ago
- Project to check which Nt/Zw functions your local EDR is hooking☆183Updated 4 years ago
- Koppeling x Metatwin x LazySign☆209Updated 3 years ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆186Updated last year
- ☆181Updated 2 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- A fake AMSI Provider which can be used for persistence.☆147Updated 3 years ago
- ☆206Updated 3 years ago
- WTSRM☆209Updated 2 years ago
- COFF file (BOF) for managing Kerberos tickets.☆293Updated last year
- Hookers are cooler than patches.☆170Updated 3 years ago
- Finding secrets in kernel and user memory☆115Updated last year
- Beacon Object File Loader☆284Updated last year
- Building and Executing Position Independent Shellcode from Object Files in Memory☆157Updated 4 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆165Updated last year
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆188Updated 3 years ago
- ☆375Updated 2 years ago
- ☆182Updated 2 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆230Updated 2 years ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows☆205Updated 2 years ago