Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AV's, EDR's and logging tools.
☆276Oct 9, 2023Updated 2 years ago
Alternatives and similar repositories for Invoke-EDRChecker
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below
Sorting:
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆740Feb 24, 2026Updated last week
- Python3 tool to perform password spraying using RDP☆668Aug 17, 2023Updated 2 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆931Nov 11, 2024Updated last year
- "Golden" certificates☆710Aug 17, 2024Updated last year
- Recon-AD, an AD recon tool based on ADSI and reflective DLL’s☆331Oct 20, 2019Updated 6 years ago
- C# port of WMImplant which uses either CIM or WMI to query remote systems☆203Jul 14, 2021Updated 4 years ago
- I used this to see if an EDR is running in Safe Mode☆36Feb 13, 2021Updated 5 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆844Mar 11, 2021Updated 4 years ago
- Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient☆1,556Oct 17, 2022Updated 3 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆595Jul 26, 2021Updated 4 years ago
- Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.☆2,402Feb 24, 2023Updated 3 years ago
- The Hunt for Malicious Strings☆1,365May 13, 2025Updated 9 months ago
- Get file less command execution for lateral movement.☆636Jun 3, 2022Updated 3 years ago
- Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been se…☆170Aug 10, 2020Updated 5 years ago
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects☆251Sep 26, 2020Updated 5 years ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,163Mar 31, 2021Updated 4 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆258Dec 2, 2021Updated 4 years ago
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies☆325Apr 8, 2023Updated 2 years ago
- Identifies the bytes that Microsoft Defender flags on.☆2,582Dec 31, 2025Updated 2 months ago
- Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.☆155Dec 22, 2020Updated 5 years ago
- A simple COM server which provides a component to run shellcode☆149May 12, 2020Updated 5 years ago
- Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensi…☆4,488Jan 10, 2025Updated last year
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆839Dec 2, 2023Updated 2 years ago
- Ps-Tools, an advanced process monitoring toolkit for offensive operations☆355Dec 1, 2020Updated 5 years ago
- Retrieve LAPS password from LDAP☆435Feb 17, 2021Updated 5 years ago
- BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.☆258Mar 6, 2025Updated 11 months ago
- .NET 4.0 WinRM API Command Execution☆166Sep 11, 2020Updated 5 years ago
- A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from …☆1,083Jul 26, 2021Updated 4 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123May 22, 2021Updated 4 years ago
- MSBuild without MSbuild.exe☆135Dec 21, 2020Updated 5 years ago
- Registry permission scanner written in C# for finding potential privesc avenues within registry☆86Mar 9, 2021Updated 4 years ago
- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py☆611Feb 16, 2023Updated 3 years ago
- TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts☆1,369Oct 22, 2025Updated 4 months ago
- ☆538Nov 20, 2021Updated 4 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆244Jul 14, 2021Updated 4 years ago
- Extract credentials from lsass remotely☆2,180Dec 24, 2025Updated 2 months ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- Privilege Escalation Enumeration Script for Windows☆3,708Jan 30, 2026Updated last month
- Excel Macro Document Reader/Writer for Red Teamers & Analysts☆524Feb 1, 2022Updated 4 years ago