Default Detections for EDR
☆97Feb 20, 2024Updated 2 years ago
Alternatives and similar repositories for plague
Users that are interested in plague are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A python port of CCob's ThreadlessInject☆25Mar 18, 2023Updated 3 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 3 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆135Jan 2, 2023Updated 3 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Small PoC of using a Microsoft signed executable as a lolbin.☆142Feb 27, 2023Updated 3 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- ☆22Mar 4, 2025Updated last year
- simple C# portscanner - written for playing around with Metasploit's Execute-Assembly☆10Jul 1, 2023Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Massayo is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL☆64Sep 12, 2022Updated 3 years ago
- Repository contains psexec, which will help to exploit the forgotten pipe☆174Nov 5, 2024Updated last year
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆46Jul 16, 2023Updated 2 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆313Dec 9, 2023Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- ETW based POC to identify direct and indirect syscalls☆192Apr 19, 2023Updated 3 years ago
- Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…☆34Feb 2, 2026Updated 3 months ago
- ☆224Mar 10, 2024Updated 2 years ago
- ErebusGate for Nim Bypass AV/EDR☆160Nov 7, 2022Updated 3 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆306Aug 2, 2023Updated 2 years ago
- Placeholder for my detection repo and misc detection engineering content☆42Oct 20, 2023Updated 2 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Kill AV/EDR leveraging BYOVD attack☆400Jul 11, 2023Updated 2 years ago
- Terminate AV/EDR Processes using kernel driver☆354Jun 12, 2023Updated 2 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆16Jan 7, 2023Updated 3 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- a tool to help operate in EDRs' blind spots☆770Dec 2, 2024Updated last year
- Bypassing AV, EDR, Application Whitelisting and ASR Rules☆13Apr 18, 2023Updated 3 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆674Dec 23, 2022Updated 3 years ago
- An example of how a driver can register a handle creation callback.☆16Jun 12, 2023Updated 2 years ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows☆223Aug 12, 2022Updated 3 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- Various ways to execute shellcode☆510Mar 13, 2024Updated 2 years ago
- ☆23Jun 1, 2023Updated 2 years ago
- Apply a divide and conquer approach to bypass EDRs☆287Oct 19, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 5 months ago
- Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key.☆83Feb 2, 2026Updated 3 months ago
- ☆47Oct 27, 2023Updated 2 years ago