Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
☆749Feb 24, 2026Updated 2 months ago
Alternatives and similar repositories for SharpEDRChecker
Users that are interested in SharpEDRChecker are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,166Mar 31, 2021Updated 5 years ago
- .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py☆617Feb 16, 2023Updated 3 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆856Dec 2, 2023Updated 2 years ago
- The Hunt for Malicious Strings☆1,383May 13, 2025Updated last year
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 3 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆885Mar 29, 2021Updated 5 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆599Jul 26, 2021Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆782Sep 4, 2024Updated last year
- SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GP…☆1,325Dec 15, 2020Updated 5 years ago
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆1,639Jul 10, 2023Updated 2 years ago
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆1,021Nov 7, 2021Updated 4 years ago
- Collection of beacon BOF written to learn windows and cobaltstrike☆364Feb 24, 2023Updated 3 years ago
- ☆671Nov 17, 2021Updated 4 years ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,881Aug 18, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019☆1,821Sep 4, 2024Updated last year
- OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at s…☆544Sep 18, 2022Updated 3 years ago
- ☆1,533Aug 11, 2023Updated 2 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,585Jan 5, 2021Updated 5 years ago
- Evading WinDefender ATP credential-theft☆255Dec 2, 2019Updated 6 years ago
- Open-Source Shellcode & PE Packer☆2,105Feb 3, 2024Updated 2 years ago
- Situational Awareness commands implemented using Beacon Object Files☆1,802Mar 10, 2026Updated 2 months ago
- Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensi…☆4,575Jan 10, 2025Updated last year
- .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers☆817Aug 28, 2022Updated 3 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆945Nov 11, 2024Updated last year
- C# implementation of harmj0y's PowerView☆1,098Mar 22, 2024Updated 2 years ago
- A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…☆875Mar 20, 2023Updated 3 years ago
- "Golden" certificates☆717Aug 17, 2024Updated last year
- C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.☆1,112Apr 13, 2026Updated last month
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…☆469Mar 8, 2023Updated 3 years ago
- Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading☆905Jul 21, 2020Updated 5 years ago
- Collection of Offensive C# Tooling☆1,471Feb 6, 2023Updated 3 years ago
- Loads any C# binary in mem, patching AMSI + ETW.☆849Oct 3, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Enumerate and disable common sources of telemetry used by AV/EDR.☆850Mar 11, 2021Updated 5 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆751Jul 22, 2023Updated 2 years ago
- .NET Project for performing Authenticated Remote Execution☆406Feb 8, 2023Updated 3 years ago
- ☆2,187Apr 3, 2026Updated last month
- SharpWMI is a C# implementation of various WMI functionality.☆768Jan 15, 2021Updated 5 years ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain☆378Sep 20, 2025Updated 8 months ago
- Pass the Hash to a named pipe for token Impersonation☆310Nov 29, 2023Updated 2 years ago