PwnDexter / Invoke-EDRChecker
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.
☆250 Updated last year
Alternatives and similar repositories for Invoke-EDRChecker:
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below
- Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories,… ☆693 Updated last year
- Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire. ☆349 Updated last year
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for… ☆468 Updated last year
- PowerShell Constrained Language Mode Bypass ☆242 Updated 3 years ago
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket ☆803 Updated 3 years ago
- Enumerate Domain Data ☆320 Updated last year
- ☆358 Updated 3 years ago
- Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable… ☆197 Updated 3 weeks ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process. ☆387 Updated 4 months ago
- Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types ☆378 Updated last year
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain ☆335 Updated 3 years ago
- "Golden" certificates ☆650 Updated 5 months ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory ☆383 Updated 10 months ago
- ☆205 Updated last year
- A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easily guessable passwords. ☆429 Updated 2 years ago
- Bypass for PowerShell Constrained Language Mode ☆381 Updated 3 years ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob… ☆456 Updated 2 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, … ☆840 Updated 2 months ago
- PowerSploit - A PowerShell Post-Exploitation Framework ☆220 Updated 3 years ago
- Partial python implementation of SharpGPOAbuse ☆384 Updated 11 months ago
- Python version of the C# tool for "Shadow Credentials" attacks ☆660 Updated last month
- AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with… ☆295 Updated last year
- Standalone implementation of a part of the WSUS spec. Built for offensive security purposes. ☆300 Updated 2 years ago
- Inject remote template link into word document for remote template injection ☆165 Updated 3 years ago
- Password spraying tool and Bloodhound integration ☆219 Updated 3 weeks ago
- Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket ☆517 Updated 2 years ago
- Kerberoast with ACL abuse capabilities ☆391 Updated last month
- A User Impersonation tool - via Token or Shellcode injection ☆407 Updated 2 years ago
- ☆444 Updated 2 years ago
- Bypass AMSI by patching AmsiScanBuffer ☆255 Updated 3 years ago