PhantomSecurityGroup / Intro-to-EDR-Evasion
CyberShield 2025 Intro to EDR Evasion Class
☆17 · Jun 3, 2025 · updated 8 months ago
Alternatives and similar repositories for Intro-to-EDR-Evasion
Users interested in Intro-to-EDR-Evasion are comparing it to the repositories listed below.
- VxLAN PoC code for the talk "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion" (☆28 · Jul 21, 2025 · updated 6 months ago)
- Windows C++ implant for Exploration C2 (☆44 · Jan 26, 2026 · updated 3 weeks ago)
- Citrix CVE-2023-4966 exploit from Assetnote, modified for parallel execution and file handling (☆11 · Oct 25, 2023 · updated 2 years ago)
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… (☆13 · Feb 4, 2024 · updated 2 years ago)
- Shellcode loader utilizing ETW events (☆67 · Feb 26, 2025 · updated 11 months ago)
- That's it! An open-source Windows UEFI rootkit (☆28 · Jul 19, 2025 · updated 6 months ago)
- A collection of sample code used in some experiments with Sliver C2 (☆16 · Mar 28, 2023 · updated 2 years ago)
- Updated version of a long-known self-deletion technique, adapted to work on 24H2 (☆61 · Jun 9, 2025 · updated 8 months ago)
- An easy way to convert BloodHound output files into data that can be imported into reporting software like Dradis and Plextrac. Built by … (☆18 · Oct 15, 2020 · updated 5 years ago)
- A simple-to-use, single-include Windows API resolver (☆23 · Jul 9, 2024 · updated last year)
- A PoC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFF loaders in Rust (☆74 · Aug 24, 2025 · updated 5 months ago)
- Example of using Sleep to create better named pipes (☆41 · Jul 25, 2023 · updated 2 years ago)
- Random BOFs for LDAP tradecraft (☆72 · Sep 9, 2025 · updated 5 months ago)
- A cheatsheet of commands used to pass the CARTP (Certified Azure Red Team Professional) exam (☆21 · May 4, 2023 · updated 2 years ago)
- Identifies LOLDrivers that are not blocked by the active HVCI policy; ideal for BYOVD scenarios (☆75 · Jul 25, 2025 · updated 6 months ago)
- One-header, configurable C++20 COFF loader (☆21 · Jul 21, 2025 · updated 6 months ago)
- A C++/Asm template for PIC/EXE/DLL malware (☆24 · Aug 12, 2025 · updated 6 months ago)
- Backend development stack for agents (☆29 · Jul 30, 2025 · updated 6 months ago)
- PoC framework for Sliver compilation (☆22 · Jan 14, 2025 · updated last year)
- LDAP enumeration tool for pentesters (☆48 · Apr 22, 2025 · updated 9 months ago)
- XPN's RpcEnum, but based on IDA instead of Ghidra (☆21 · Aug 17, 2019 · updated 6 years ago)
- (no description) ☆49 · Apr 9, 2025 · updated 10 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1 (☆104 · Feb 25, 2025 · updated 11 months ago)
- Usermode NT Explorer: query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more (☆68 · Jan 27, 2026 · updated 2 weeks ago)
- Docker container for running Cobalt Strike 4.7 and above (☆24 · Mar 20, 2025 · updated 10 months ago)
- CVE-2024-0012 PAN-OS: authentication bypass in the management web interface (PAN-SA-2024-0015) RCE PoC (☆20 · Nov 19, 2024 · updated last year)
- Post-ex BOF tooling for Hannibal (☆24 · Nov 20, 2024 · updated last year)
- (no description) ☆61 · Dec 19, 2024 · updated last year
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel (☆38 · Aug 5, 2025 · updated 6 months ago)
- Beacon Object File (BOF) for Windows session hijacking via the IHxHelpPaneServer COM interface (☆63 · Dec 25, 2025 · updated last month)
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory (☆128 · Jan 28, 2026 · updated 2 weeks ago)
- Situational awareness script to identify how and where to run implants (☆67 · Dec 6, 2024 · updated last year)
- Remote process injection using Pool Party techniques (☆70 · Jun 29, 2025 · updated 7 months ago)
- (no description) ☆50 · Jul 9, 2025 · updated 7 months ago
- Red AI Archive: Jeff Sims - A curated collection of work in AI safety, cybersecurity data science, and AI red teaming – my own research a… (☆26 · Apr 1, 2025 · updated 10 months ago)
- (no description) ☆126 · Jan 23, 2025 · updated last year
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe… (☆43 · Apr 6, 2025 · updated 10 months ago)
- Evasive payload delivery server and C2 redirector (☆112 · Nov 3, 2025 · updated 3 months ago)
- An improvement on, and a different approach to, Mockingjay self-injection (☆35 · May 21, 2024 · updated last year)