Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.
☆279 · Oct 9, 2023 · Updated 2 years ago
Alternatives and similar repositories for Invoke-EDRChecker
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below.
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,… ☆747 · Feb 24, 2026 · Updated 2 months ago
- Python3 tool to perform password spraying using RDP ☆672 · Aug 17, 2023 · Updated 2 years ago
- Create a list of possible usernames for bruteforcing ☆82 · Feb 18, 2024 · Updated 2 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, … ☆943 · Nov 11, 2024 · Updated last year
- "Golden" certificates ☆716 · Aug 17, 2024 · Updated last year
- Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS. ☆2,442 · Feb 24, 2023 · Updated 3 years ago
- Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient ☆1,566 · Oct 17, 2022 · Updated 3 years ago
- ICMP Reverse Shell written in Python 3 and with Scapy (backdoor/rev shell) ☆422 · Aug 20, 2024 · Updated last year
- Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensi… ☆4,563 · Jan 10, 2025 · Updated last year
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆848 · Mar 11, 2021 · Updated 5 years ago
- The Hunt for Malicious Strings ☆1,378 · May 13, 2025 · Updated 11 months ago
- Recon-AD, an AD recon tool based on ADSI and reflective DLLs ☆332 · Oct 20, 2019 · Updated 6 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head… ☆598 · Jul 26, 2021 · Updated 4 years ago
- A simple COM server which provides a component to run shellcode ☆144 · May 12, 2020 · Updated 5 years ago
- I used this to see if an EDR is running in Safe Mode ☆36 · Feb 13, 2021 · Updated 5 years ago
- C# port of WMImplant which uses either CIM or WMI to query remote systems ☆203 · Jul 14, 2021 · Updated 4 years ago
- Identifies the bytes that Microsoft Defender flags on. ☆2,600 · Dec 31, 2025 · Updated 4 months ago
- Get fileless command execution for lateral movement. ☆637 · Jun 3, 2022 · Updated 3 years ago
- A method of bypassing EDR's active projection DLLs by preventing entry point execution ☆1,166 · Mar 31, 2021 · Updated 5 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆257 · Dec 2, 2021 · Updated 4 years ago
- A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement. ☆2,106 · Nov 20, 2025 · Updated 5 months ago
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects ☆251 · Sep 26, 2020 · Updated 5 years ago
- Windows Local Privilege Escalation from Service Account to System ☆941 · Feb 23, 2020 · Updated 6 years ago
- Trying to tame the three-headed dog. ☆4,988 · Nov 14, 2025 · Updated 5 months ago
- Privilege Escalation Enumeration Script for Windows ☆3,825 · Apr 29, 2026 · Updated last week
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP… ☆1,323 · Dec 15, 2020 · Updated 5 years ago
- MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, i… ☆3,227 · Aug 7, 2025 · Updated 8 months ago
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies ☆325 · Apr 8, 2023 · Updated 3 years ago
- Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been se… ☆170 · Aug 10, 2020 · Updated 5 years ago
- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py ☆617 · Feb 16, 2023 · Updated 3 years ago
- .Net Assembly to block ETW telemetry in current process ☆81 · May 14, 2020 · Updated 5 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆850 · Dec 2, 2023 · Updated 2 years ago
- C# Script used for Red Team ☆722 · Nov 16, 2021 · Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆779 · Sep 4, 2024 · Updated last year
- A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from … ☆1,107 · Jul 26, 2021 · Updated 4 years ago
- .NET 4.0 WinRM API Command Execution ☆165 · Sep 11, 2020 · Updated 5 years ago
- BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. ☆258 · Mar 6, 2025 · Updated last year
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 6 years ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat… ☆881 · Mar 29, 2021 · Updated 5 years ago