Helixo32 / SimpleEDR

Related projects: ⓘ

• EvilBytecode / Lifetime-Amsi-EtwPatch
  Two in one, patch lifetime powershell console, no more etw and amsi!
  ☆79Updated 2 months ago
• x42en / sysplant
  Your syscall factory
  ☆121Updated last week
• Octoberfest7 / Presentations
  Slide decks and/or materials from conference presentations
  ☆55Updated last year
• BC-SECURITY / IronSharpPack
  IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…
  ☆104Updated 4 months ago
• rkbennett / pybof
  Python module for running BOFs
  ☆63Updated last year
• lkarlslund / hashmuncher
  Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later
  ☆88Updated last year
• BC-SECURITY / ScriptBlock-Smuggling
  Example code samples from our ScriptBlock Smuggling Blog post
  ☆80Updated 3 months ago
• outflanknl / Training-MSOfficeOffensiveTradecraft
  Info related to the Outflank training: Microsoft Office Offensive Tradecraft
  ☆50Updated 4 months ago
• dsnezhkov / shutter
  ☆105Updated 3 years ago
• cbecks2 / edr-artifacts
  This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
  ☆64Updated 3 weeks ago
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆72Updated 11 months ago
• CCob / DGPOEdit
  Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines
  ☆55Updated 2 weeks ago
• ZERODETECTION / MSC_Dropper
  ☆119Updated last month
• sidaf / moonshine
  ☆67Updated 10 months ago
• morRubin / NegoExRelay
  ☆83Updated 2 years ago
• bitsadmin / lofl
  Living Off the Foreign Land setup scripts
  ☆61Updated last month
• RePRGM / Nimperiments
  Various one-off pentesting projects written in Nim. Updates happen on a whim.
  ☆145Updated 5 months ago
• itaymigdal / GhostNap
  Sleep obfuscation for shellcode implants and their reflective shit
  ☆51Updated last year
• mertdas / SharpLateral
  Lateral Movement
  ☆117Updated 10 months ago
• naksyn / ModuleShifting
  Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…
  ☆106Updated 11 months ago
• 0xthirteen / AssemblyHunter
  Find .net assemblies locally
  ☆85Updated last year
• ChoiSG / OneDriveUpdaterSideloading
  Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
  ☆84Updated last year
• Hagrid29 / AbuseAzureAPIPermissions
  Abuse Azure API permissions for red teaming
  ☆55Updated last year
• coffeegist / bofhound
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆85Updated 2 months ago
• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆46Updated 6 months ago
• EvilBytecode / Lifetime-AmsiBypass
  Lifetime AMSI bypass.
  ☆35Updated 2 months ago
• bohops / DynamicDotNet
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆134Updated 4 months ago
• nixpal / shellsilo
  SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…
  ☆81Updated 2 weeks ago
• CodeXTF2 / PyHmmm
  Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog …
  ☆74Updated 10 months ago
• naksyn / Embedder
  Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
  ☆110Updated 3 months ago