PwnDexter / Invoke-EDRChecker
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.
☆263 Updated last year
Alternatives and similar repositories for Invoke-EDRChecker
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,… ☆714 Updated last year
- Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire. ☆373 Updated 2 years ago
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket ☆870 Updated 3 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, … ☆890 Updated 7 months ago
- Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable… ☆218 Updated 3 months ago
- ☆391 Updated 4 years ago
- ☆223 Updated 2 years ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process. ☆410 Updated 9 months ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob… ☆467 Updated 2 years ago
- Useful C2 techniques and cheatsheets learned from engagements ☆515 Updated 2 months ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆777 Updated last year
- PowerSploit - A PowerShell Post-Exploitation Framework ☆233 Updated 3 years ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory ☆392 Updated last year
- "Golden" certificates ☆689 Updated 10 months ago
- Bypass for PowerShell Constrained Language Mode ☆393 Updated 3 years ago
- Python version of the C# tool for "Shadow Credentials" attacks ☆757 Updated 2 months ago
- Dumping LAPS from Python ☆271 Updated 2 years ago
- AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with… ☆302 Updated last year
- ☆259 Updated 3 years ago
- Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types ☆393 Updated 3 months ago
- PowerShell Constrained Language Mode Bypass ☆270 Updated 4 years ago
- Bypass AMSI by patching AmsiScanBuffer ☆267 Updated 4 years ago
- PowerShell script to extract information from boot PXE ☆144 Updated 6 years ago
- Lists who can read any gMSA password blobs and parses them if the current user has access. ☆302 Updated last year
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for… ☆488 Updated 2 years ago
- Password spraying tool and Bloodhound integration ☆237 Updated 5 months ago
- RACE is a PowerShell module for executing ACL attacks against Windows targets. ☆229 Updated 2 years ago
- ☆784 Updated 2 years ago
- ☆409 Updated last year
- NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The … ☆353 Updated last year