PwnDexter / SharpEDRChecker
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
☆706Updated last year
Alternatives and similar repositories for SharpEDRChecker:
Users that are interested in SharpEDRChecker are comparing it to the libraries listed below
- The Hunt for Malicious Strings☆1,194Updated 2 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆868Updated 5 months ago
- C# implementation of harmj0y's PowerView☆1,031Updated last year
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆860Updated 4 years ago
- "Golden" certificates☆673Updated 8 months ago
- ☆1,461Updated last year
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆258Updated last year
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆1,484Updated last year
- Some notes and examples for cobalt strike's functionality☆1,054Updated 3 years ago
- Windows Local Privilege Escalation from Service Account to System☆792Updated 5 years ago
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…☆1,162Updated 4 years ago
- PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as w…☆996Updated 10 months ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆1,186Updated 10 months ago
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆999Updated 3 years ago
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket☆842Updated 3 years ago
- SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.☆1,232Updated 9 months ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,140Updated 4 years ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.☆397Updated 7 months ago
- Python version of the C# tool for "Shadow Credentials" attacks☆710Updated 2 months ago
- Situational Awareness commands implemented using Beacon Object Files☆1,389Updated last month
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆761Updated last year
- SharpUp is a C# port of various PowerUp functionality.☆1,343Updated last year
- ☆1,581Updated last week
- A .NET Framework 4.0 Windows Agent☆472Updated 2 weeks ago
- My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+☆1,075Updated 2 years ago
- Bypass for PowerShell Constrained Language Mode☆389Updated 3 years ago
- ☆679Updated 2 months ago
- Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation☆963Updated 2 years ago
- Framework for Kerberos relaying☆907Updated 2 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,214Updated last year