Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AV's, EDR's and logging tools.
☆277Oct 9, 2023Updated 2 years ago
Alternatives and similar repositories for Invoke-EDRChecker
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆744Feb 24, 2026Updated last month
- Python3 tool to perform password spraying using RDP☆669Aug 17, 2023Updated 2 years ago
- Create a list of possible usernames for bruteforcing☆83Feb 18, 2024Updated 2 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆935Nov 11, 2024Updated last year
- "Golden" certificates☆709Aug 17, 2024Updated last year
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.☆2,415Feb 24, 2023Updated 3 years ago
- Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient☆1,559Oct 17, 2022Updated 3 years ago
- ICMP Reverse Shell written in Python 3 and with Scapy (backdoor/rev shell)☆423Aug 20, 2024Updated last year
- Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensi…☆4,512Jan 10, 2025Updated last year
- The Hunt for Malicious Strings☆1,370May 13, 2025Updated 10 months ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆844Mar 11, 2021Updated 5 years ago
- Recon-AD, an AD recon tool based on ADSI and reflective DLL’s☆331Oct 20, 2019Updated 6 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆595Jul 26, 2021Updated 4 years ago
- A simple COM server which provides a component to run shellcode☆148May 12, 2020Updated 5 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- I used this to see if an EDR is running in Safe Mode☆36Feb 13, 2021Updated 5 years ago
- C# port of WMImplant which uses either CIM or WMI to query remote systems☆203Jul 14, 2021Updated 4 years ago
- Identifies the bytes that Microsoft Defender flags on.☆2,588Dec 31, 2025Updated 2 months ago
- Get file less command execution for lateral movement.☆637Jun 3, 2022Updated 3 years ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,163Mar 31, 2021Updated 4 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆257Dec 2, 2021Updated 4 years ago
- A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.☆2,095Nov 20, 2025Updated 4 months ago
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects☆251Sep 26, 2020Updated 5 years ago
- Windows Local Privilege Escalation from Service Account to System☆921Feb 23, 2020Updated 6 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Trying to tame the three-headed dog.☆4,935Nov 14, 2025Updated 4 months ago
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…☆1,315Dec 15, 2020Updated 5 years ago
- Privilege Escalation Enumeration Script for Windows☆3,759Jan 30, 2026Updated last month
- MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, i…☆3,218Aug 7, 2025Updated 7 months ago
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies☆325Apr 8, 2023Updated 2 years ago
- Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been se…☆170Aug 10, 2020Updated 5 years ago
- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py☆617Feb 16, 2023Updated 3 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆842Dec 2, 2023Updated 2 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- C# Script used for Red Team☆723Nov 16, 2021Updated 4 years ago
- A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from …☆1,092Jul 26, 2021Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆772Sep 4, 2024Updated last year
- .NET 4.0 WinRM API Command Execution☆166Sep 11, 2020Updated 5 years ago
- BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.☆258Mar 6, 2025Updated last year
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 6 years ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆880Mar 29, 2021Updated 4 years ago