PwnDexter / SharpEDRCheckerLinks
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
☆714Updated last year
Alternatives and similar repositories for SharpEDRChecker
Users that are interested in SharpEDRChecker are comparing it to the libraries listed below
Sorting:
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆890Updated 7 months ago
- The Hunt for Malicious Strings☆1,235Updated last month
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆263Updated last year
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…☆1,197Updated 4 years ago
- ☆1,481Updated last year
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆1,006Updated 3 years ago
- C# implementation of harmj0y's PowerView☆1,040Updated last year
- Windows Local Privilege Escalation from Service Account to System☆821Updated 5 years ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆865Updated 4 years ago
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆1,517Updated last year
- "Golden" certificates☆689Updated 10 months ago
- Some notes and examples for cobalt strike's functionality☆1,091Updated 3 years ago
- PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as w…☆1,015Updated last year
- SharpUp is a C# port of various PowerUp functionality.☆1,369Updated last year
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket☆870Updated 3 years ago
- SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.☆1,289Updated 11 months ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆946Updated last year
- My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+☆1,085Updated 2 years ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.☆410Updated 9 months ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆1,224Updated last year
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,147Updated 4 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆777Updated last year
- Another Windows Local Privilege Escalation from Service Account to System☆1,096Updated 4 years ago
- Python version of the C# tool for "Shadow Credentials" attacks☆757Updated 2 months ago
- A .NET Framework 4.0 Windows Agent☆486Updated this week
- Situational Awareness commands implemented using Beacon Object Files☆1,453Updated last month
- C# Data Collector for the BloodHound Project, Version 3☆538Updated 3 years ago
- Windows Privilege Escalation from User to Domain Admin.☆1,398Updated 2 years ago
- ☆693Updated 4 months ago
- Framework for Kerberos relaying☆919Updated 3 years ago