Rostelecom-Red-Team / GoodbyeEDR
☆79Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for GoodbyeEDR
- bypass UAC even when configured to always notify user☆29Updated 3 years ago
- ☆72Updated 3 years ago
- bypass BeaconEye☆88Updated 3 years ago
- UAC_wenpon☆48Updated 2 years ago
- ReturnGate, just like HellsGate.☆65Updated 2 years ago
- power-kill is a project that kill protected processes (such as EDR or AV) by injecting shellcode into high privilege processes☆46Updated 3 years ago
- use aswArPot.sys to kill process☆64Updated 2 years ago
- Kernel file/process/object tool☆64Updated 3 years ago
- A simple hidden vnc.☆32Updated 3 years ago
- (Hellsgate|Halosgate|Tartarosgate)+Spoofing-Gate. Ensures that all systemcalls go through ntdll.dll☆41Updated 2 years ago
- ☆46Updated 3 years ago
- ShellCodeLoader via DInvoke☆49Updated 3 years ago
- 用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现☆25Updated 2 years ago
- Beacon Object File implementation of pwn1sher's KillDefender☆62Updated 2 years ago
- Imitate CobaltStrike's Shellcode Generation☆3Updated 2 years ago
- ☆40Updated 2 years ago
- PrintNightmare , Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527☆58Updated 3 years ago
- 看起来叫BabyBypass,实际啥都会记一些☆16Updated last year
- A Cobalt Strike memory evasion loader for redteamers☆95Updated last year
- 汇编语言编写Shellcode加载器源代码 https://payloads.online/archivers/2022-02-16/1/☆77Updated 2 years ago
- ☆30Updated 4 years ago
- A Mimikatz For Only Extracting Login Passwords.(Bypasses Most AV's)☆59Updated 2 years ago
- Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF☆41Updated 2 years ago
- ☆36Updated 4 years ago
- Windows Defender VDM lua collections☆45Updated 2 years ago
- A wrapper of ldap_shell.py module which in ntlmrelayx☆60Updated 2 years ago
- more conveniently Visual-Studio-BOF-template☆53Updated last year
- my learning case about windows☆21Updated 2 years ago
- Beacon compiled using clang☆59Updated last year
- Just another version of the custom stack call from Proxy-Function-Calls-For-ETwTI☆32Updated last year