Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools.
☆278 · Oct 9, 2023 · Updated 2 years ago
Alternatives and similar repositories for Invoke-EDRChecker
Users that are interested in Invoke-EDRChecker are comparing it to the libraries listed below.
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,… ☆749 · Feb 24, 2026 · Updated 3 months ago
- Python3 tool to perform password spraying using RDP ☆674 · Aug 17, 2023 · Updated 2 years ago
- Create a list of possible usernames for bruteforcing ☆82 · Feb 18, 2024 · Updated 2 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, … ☆945 · Nov 11, 2024 · Updated last year
- "Golden" certificates ☆717 · Aug 17, 2024 · Updated last year
- Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS. ☆2,468 · Feb 24, 2023 · Updated 3 years ago
- Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient ☆1,568 · Oct 17, 2022 · Updated 3 years ago
- ICMP Reverse Shell written in Python 3 and with Scapy (backdoor/rev shell) ☆423 · Aug 20, 2024 · Updated last year
- Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensi… ☆4,581 · Jan 10, 2025 · Updated last year
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆850 · Mar 11, 2021 · Updated 5 years ago
- The Hunt for Malicious Strings ☆1,382 · May 13, 2025 · Updated last year
- Recon-AD, an AD recon tool based on ADSI and reflective DLLs ☆332 · Oct 20, 2019 · Updated 6 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head… ☆599 · Jul 26, 2021 · Updated 4 years ago
- A simple COM server which provides a component to run shellcode ☆143 · May 12, 2020 · Updated 6 years ago
- I used this to see if an EDR is running in Safe Mode ☆36 · Feb 13, 2021 · Updated 5 years ago
- C# port of WMImplant which uses either CIM or WMI to query remote systems ☆205 · Jul 14, 2021 · Updated 4 years ago
- Identifies the bytes that Microsoft Defender flags on. ☆2,607 · Dec 31, 2025 · Updated 4 months ago
- Get fileless command execution for lateral movement. ☆637 · Jun 3, 2022 · Updated 3 years ago
- A method of bypassing EDR's active projection DLLs by preventing entry point execution ☆1,166 · Mar 31, 2021 · Updated 5 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆257 · Dec 2, 2021 · Updated 4 years ago
- A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement. ☆2,108 · Nov 20, 2025 · Updated 6 months ago
- GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects ☆251 · Sep 26, 2020 · Updated 5 years ago
- Windows Local Privilege Escalation from Service Account to System ☆945 · Feb 23, 2020 · Updated 6 years ago
- Trying to tame the three-headed dog. ☆5,012 · Updated this week
- Privilege Escalation Enumeration Script for Windows ☆3,842 · Apr 29, 2026 · Updated 3 weeks ago
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP… ☆1,325 · Dec 15, 2020 · Updated 5 years ago
- MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, i… ☆3,236 · Aug 7, 2025 · Updated 9 months ago
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies ☆324 · Apr 8, 2023 · Updated 3 years ago
- Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been se… ☆170 · Aug 10, 2020 · Updated 5 years ago
- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py ☆615 · Feb 16, 2023 · Updated 3 years ago
- .Net Assembly to block ETW telemetry in current process ☆81 · May 14, 2020 · Updated 6 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit ☆856 · Dec 2, 2023 · Updated 2 years ago
- C# Script used for Red Team ☆722 · Nov 16, 2021 · Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆782 · Sep 4, 2024 · Updated last year
- A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from … ☆1,109 · Jul 26, 2021 · Updated 4 years ago
- .NET 4.0 WinRM API Command Execution ☆165 · Sep 11, 2020 · Updated 5 years ago
- BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. ☆257 · Mar 6, 2025 · Updated last year
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 6 years ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat… ☆885 · Mar 29, 2021 · Updated 5 years ago