PwnDexter / Invoke-EDRChecker
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.
☆262 Updated last year
Alternatives and similar repositories for Invoke-EDRChecker
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below
- Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories,… ☆714 Updated last year
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket ☆860 Updated 3 years ago
- Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire. ☆366 Updated last year
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, … ☆883 Updated 6 months ago
- ☆388 Updated 4 years ago
- "Golden" certificates ☆682 Updated 9 months ago
- Malleable C2 is a domain-specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable… ☆215 Updated 2 months ago
- Bypass AMSI by patching AmsiScanBuffer ☆265 Updated 4 years ago
- Useful C2 techniques and cheatsheets learned from engagements ☆510 Updated last month
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation. ☆729 Updated 4 months ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process. ☆410 Updated 9 months ago
- Python version of the C# tool for "Shadow Credentials" attacks ☆741 Updated last month
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob… ☆465 Updated 2 years ago
- ☆358 Updated 4 years ago
- Lists who can read any gMSA password blobs and parses them if the current user has access. ☆286 Updated last year
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory ☆389 Updated last year
- Dumping LAPS from Python ☆267 Updated 2 years ago
- PowerShell script to extract information from boot PXE ☆141 Updated 6 years ago
- Bypass for PowerShell Constrained Language Mode ☆392 Updated 3 years ago
- Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket ☆542 Updated 2 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆772 Updated last year
- ☆395 Updated 9 months ago
- Collection of some of my own tools with other great open source tools out there packaged into a PowerShell module ☆144 Updated 2 years ago
- A User Impersonation tool - via Token or Shellcode injection ☆415 Updated 3 years ago
- RACE is a PowerShell module for executing ACL attacks against Windows targets. ☆227 Updated 2 years ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools ☆424 Updated 2 years ago
- A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment. ☆440 Updated last year
- Malicious shortcut generator for collecting NTLM hashes from insecure file shares. ☆332 Updated 7 months ago
- Standalone implementation of a part of the WSUS spec. Built for offensive security purposes. ☆306 Updated 2 years ago
- Partial Python implementation of SharpGPOAbuse ☆429 Updated last week