Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
☆740Feb 24, 2026Updated this week
Alternatives and similar repositories for SharpEDRChecker
Users that are interested in SharpEDRChecker are comparing it to the libraries listed below
Sorting:
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆276Oct 9, 2023Updated 2 years ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,163Mar 31, 2021Updated 4 years ago
- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py☆607Feb 16, 2023Updated 3 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆839Dec 2, 2023Updated 2 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 2 years ago
- The Hunt for Malicious Strings☆1,363May 13, 2025Updated 9 months ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆879Mar 29, 2021Updated 4 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆595Jul 26, 2021Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆772Sep 4, 2024Updated last year
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆1,606Jul 10, 2023Updated 2 years ago
- ☆667Nov 17, 2021Updated 4 years ago
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…☆1,302Dec 15, 2020Updated 5 years ago
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆1,013Nov 7, 2021Updated 4 years ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,874Aug 18, 2023Updated 2 years ago
- Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019☆1,812Sep 4, 2024Updated last year
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆740Jul 22, 2023Updated 2 years ago
- Collection of beacon BOF written to learn windows and cobaltstrike☆362Feb 24, 2023Updated 3 years ago
- A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…☆864Mar 20, 2023Updated 2 years ago
- Situational Awareness commands implemented using Beacon Object Files☆1,722Feb 23, 2026Updated last week
- C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.☆1,098Jun 25, 2024Updated last year
- Loads any C# binary in mem, patching AMSI + ETW.☆839Oct 3, 2021Updated 4 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆931Nov 11, 2024Updated last year
- ☆1,532Aug 11, 2023Updated 2 years ago
- Collection of Offensive C# Tooling☆1,470Feb 6, 2023Updated 3 years ago
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…☆469Mar 8, 2023Updated 2 years ago
- Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading☆882Jul 21, 2020Updated 5 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,577Jan 5, 2021Updated 5 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆819Mar 11, 2021Updated 4 years ago
- OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at s…☆538Sep 18, 2022Updated 3 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…☆269Mar 18, 2021Updated 4 years ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain☆374Sep 20, 2025Updated 5 months ago
- Open-Source Shellcode & PE Packer☆2,069Feb 3, 2024Updated 2 years ago
- Evading WinDefender ATP credential-theft☆255Dec 2, 2019Updated 6 years ago
- C# implementation of harmj0y's PowerView☆1,086Mar 22, 2024Updated last year
- "Golden" certificates☆710Aug 17, 2024Updated last year
- ☆1,670Apr 14, 2025Updated 10 months ago
- ☆360Apr 24, 2021Updated 4 years ago
- Collection of Beacon Object Files☆633Nov 1, 2022Updated 3 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.☆772Dec 21, 2022Updated 3 years ago