Default Detections for EDR
☆97Feb 20, 2024Updated 2 years ago
Alternatives and similar repositories for plague
Users that are interested in plague are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A python port of CCob's ThreadlessInject☆25Mar 18, 2023Updated 3 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- Small PoC of using a Microsoft signed executable as a lolbin.☆141Feb 27, 2023Updated 3 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- ☆22Mar 4, 2025Updated last year
- simple C# portscanner - written for playing around with Metasploit's Execute-Assembly☆10Jul 1, 2023Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Massayo is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL☆64Sep 12, 2022Updated 3 years ago
- Repository contains psexec, which will help to exploit the forgotten pipe☆173Nov 5, 2024Updated last year
- General Content☆27Dec 23, 2025Updated 3 months ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆309Dec 9, 2023Updated 2 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆46Jul 16, 2023Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…☆34Feb 2, 2026Updated last month
- ☆223Mar 10, 2024Updated 2 years ago
- ErebusGate for Nim Bypass AV/EDR☆160Nov 7, 2022Updated 3 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆306Aug 2, 2023Updated 2 years ago
- Placeholder for my detection repo and misc detection engineering content☆42Oct 20, 2023Updated 2 years ago
- Kill AV/EDR leveraging BYOVD attack☆394Jul 11, 2023Updated 2 years ago
- Terminate AV/EDR Processes using kernel driver☆352Jun 12, 2023Updated 2 years ago
- Silence EDRs by removing kernel callbacks☆238Dec 7, 2020Updated 5 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆16Jan 7, 2023Updated 3 years ago
- a tool to help operate in EDRs' blind spots☆769Dec 2, 2024Updated last year
- Bypassing AV, EDR, Application Whitelisting and ASR Rules☆13Apr 18, 2023Updated 2 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆674Dec 23, 2022Updated 3 years ago
- An example of how a driver can register a handle creation callback.☆16Jun 12, 2023Updated 2 years ago
- Various ways to execute shellcode☆507Mar 13, 2024Updated 2 years ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows☆222Aug 12, 2022Updated 3 years ago
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- ☆23Jun 1, 2023Updated 2 years ago
- Apply a divide and conquer approach to bypass EDRs☆286Oct 19, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 4 months ago
- Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key.☆83Feb 2, 2026Updated last month