Default Detections for EDR
☆97Feb 20, 2024Updated 2 years ago
Alternatives and similar repositories for plague
Users that are interested in plague are comparing it to the libraries listed below
Sorting:
- A python port of CCob's ThreadlessInject☆25Mar 18, 2023Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- simple C# portscanner - written for playing around with Metasploit's Execute-Assembly☆10Jul 1, 2023Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- Massayo is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL☆64Sep 12, 2022Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆141Feb 27, 2023Updated 3 years ago
- Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…☆34Feb 2, 2026Updated last month
- Just another casual shellcode native loader☆25Feb 3, 2022Updated 4 years ago
- Repository contains psexec, which will help to exploit the forgotten pipe☆172Nov 5, 2024Updated last year
- ☆223Mar 10, 2024Updated last year
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- Various ways to execute shellcode☆507Mar 13, 2024Updated last year
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53May 21, 2020Updated 5 years ago
- A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).☆90Nov 23, 2022Updated 3 years ago
- Reflective DLL self-loading as a library☆21May 3, 2025Updated 10 months ago
- malleable profile generator GUI for Havoc☆55Apr 28, 2023Updated 2 years ago
- Placeholder for my detection repo and misc detection engineering content☆42Oct 20, 2023Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- Tools for analyzing EDR agents☆277Jun 10, 2024Updated last year
- ☆23Jun 1, 2023Updated 2 years ago
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆180Feb 14, 2023Updated 3 years ago
- ErebusGate for Nim Bypass AV/EDR☆162Nov 7, 2022Updated 3 years ago
- A framework for backdooring Microsoft Nuget packages.☆10Jan 9, 2024Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆249Jul 9, 2024Updated last year
- a tool to help operate in EDRs' blind spots☆767Dec 2, 2024Updated last year
- Kill AV/EDR leveraging BYOVD attack☆391Jul 11, 2023Updated 2 years ago
- A PoC project for embedding shellcode to Hint/Name Table☆113May 16, 2022Updated 3 years ago
- Bypassing PatchGuard on modern x64 systems☆265Apr 9, 2023Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆261Jun 29, 2024Updated last year
- ☆505Aug 14, 2022Updated 3 years ago