PwnDexter / SharpEDRChecker
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
☆685Updated last year
Related projects ⓘ
Alternatives and complementary repositories for SharpEDRChecker
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆813Updated last week
- "Golden" certificates☆650Updated 3 months ago
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…☆1,066Updated 3 years ago
- The Hunt for Malicious Strings☆1,094Updated 2 years ago
- Windows Local Privilege Escalation from Service Account to System☆698Updated 4 years ago
- ☆1,406Updated last year
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆241Updated last year
- C# implementation of harmj0y's PowerView☆1,007Updated 7 months ago
- Some notes and examples for cobalt strike's functionality☆986Updated 2 years ago
- SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.☆1,178Updated 4 months ago
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆975Updated 3 years ago
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆1,400Updated last year
- SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket☆763Updated 3 years ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆1,049Updated 5 months ago
- Situational Awareness commands implemented using Beacon Object Files☆1,268Updated 2 months ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆839Updated 3 years ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,113Updated 3 years ago
- A .NET Framework 4.0 Windows Agent☆454Updated last week
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆703Updated 11 months ago
- PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as w…☆924Updated 5 months ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.☆376Updated 2 months ago
- Python version of the C# tool for "Shadow Credentials" attacks☆608Updated this week
- SharpUp is a C# port of various PowerUp functionality.☆1,262Updated 9 months ago
- My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+☆1,036Updated last year
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆862Updated 5 months ago
- ☆617Updated last year
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping …☆890Updated last month
- Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation☆927Updated 2 years ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆740Updated last year
- Excel Macro Document Reader/Writer for Red Teamers & Analysts☆513Updated 2 years ago