PwnDexter / SharpEDRCheckerLinks
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
☆721Updated last month
Alternatives and similar repositories for SharpEDRChecker
Users that are interested in SharpEDRChecker are comparing it to the libraries listed below
Sorting:
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆910Updated 9 months ago
- "Golden" certificates☆700Updated last year
- The Hunt for Malicious Strings☆1,277Updated 3 months ago
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…☆1,232Updated 4 years ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆872Updated 4 years ago
- C# implementation of harmj0y's PowerView☆1,055Updated last year
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆1,538Updated 2 years ago
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆1,005Updated 3 years ago
- ☆1,497Updated 2 years ago
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket☆887Updated 4 years ago
- Some notes and examples for cobalt strike's functionality☆1,105Updated 3 years ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.☆416Updated 11 months ago
- Windows Local Privilege Escalation from Service Account to System☆847Updated 5 years ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆1,274Updated last year
- SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.☆1,322Updated last year
- SharpUp is a C# port of various PowerUp functionality.☆1,390Updated last year
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,149Updated 4 years ago
- C# Data Collector for the BloodHound Project, Version 3☆548Updated 3 years ago
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆269Updated last year
- Bypass for PowerShell Constrained Language Mode☆398Updated 3 years ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆747Updated 2 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆798Updated last year
- A .NET Framework 4.0 Windows Agent☆498Updated this week
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,283Updated last year
- Framework for Kerberos relaying☆929Updated 3 years ago
- Get file less command execution for lateral movement.☆627Updated 3 years ago
- Custom Query list for the Bloodhound GUI based off my cheatsheet☆802Updated 2 years ago
- Windows Privilege Escalation from User to Domain Admin.☆1,406Updated 2 years ago
- Python version of the C# tool for "Shadow Credentials" attacks☆792Updated 4 months ago
- Situational Awareness commands implemented using Beacon Object Files☆1,517Updated last month