PwnDexter / Invoke-EDRChecker
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.
☆258 Updated last year
Alternatives and similar repositories for Invoke-EDRChecker:
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below
- Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories,… ☆706 Updated last year
- Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire. ☆361 Updated last year
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket ☆842 Updated 3 years ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process. ☆397 Updated 7 months ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory ☆388 Updated last year
- ☆379 Updated 3 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, … ☆868 Updated 5 months ago
- Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable… ☆209 Updated last month
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for… ☆484 Updated last year
- A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords. ☆436 Updated 3 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆761 Updated last year
- AD Enum is a pentesting tool that allows to find misconfiguration through the LDAP protocol and exploit some of those weaknesses with… ☆299 Updated last year
- Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket ☆530 Updated 2 years ago
- PowerSploit - A PowerShell Post-Exploitation Framework ☆232 Updated 3 years ago
- "Golden" certificates ☆665 Updated 8 months ago
- Python version of the C# tool for "Shadow Credentials" attacks ☆710 Updated 2 months ago
- ☆391 Updated 8 months ago
- Bypass for PowerShell Constrained Language Mode ☆389 Updated 3 years ago
- Malicious shortcut generator for collecting NTLM hashes from insecure file shares. ☆327 Updated 6 months ago
- Invoke-ZeroLogon allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls… ☆216 Updated 4 years ago
- A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment. ☆439 Updated last year
- A User Impersonation tool - via Token or Shellcode injection ☆413 Updated 2 years ago
- PowerShell Constrained Language Mode Bypass ☆261 Updated 4 years ago
- Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types ☆383 Updated last month
- ☆219 Updated 2 years ago
- NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The … ☆338 Updated last year
- Lists who can read any gMSA password blobs and parses them if the current user has access. ☆274 Updated last year
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools ☆422 Updated 2 years ago
- Enumerate Domain Data ☆326 Updated last year
- Dumping LAPS from Python ☆267 Updated 2 years ago