Alternatives and similar repositories for GoodbyeEDR

Users that are interested in GoodbyeEDR are comparing it to the libraries listed below

• wilszdev / SchtasksUacBypass
  bypass UAC even when configured to always notify user
  ☆29Updated 3 years ago
• knightswd / ProcessGhosting
  ☆74Updated 3 years ago
• scareing / UAC_wenpon
  UAC_wenpon
  ☆49Updated 3 years ago
• crisprss / Extracted_WD_VDM
  Windows Defender VDM lua collections
  ☆47Updated 2 years ago
• NoOne-hub / bypass-BeaconEye
  bypass BeaconEye
  ☆88Updated 3 years ago
• w1u0u1 / kt
  Kernel file/process/object tool
  ☆67Updated 3 years ago
• ScriptIdiot / sw2-secinject
  Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF
  ☆43Updated 3 years ago
• HadesW / power-kill
  power-kill is a project that kill protected processes (such as EDR or AV) by injecting shellcode into high privilege processes
  ☆46Updated 3 years ago
• timwhitez / Spoofing-Gate
  (Hellsgate|Halosgate|Tartarosgate)+Spoofing-Gate. Ensures that all systemcalls go through ntdll.dll
  ☆43Updated 3 years ago
• dust-life / run_pe
  ☆49Updated 3 years ago
• Jeffry38 / HiddenVNC
  A simple hidden vnc.
  ☆32Updated 4 years ago
• alfarom256 / StinkyLoader
  It stinks
  ☆102Updated 3 years ago
• RedSection / printjacker
  Hijack Printconfig.dll to execute shellcode
  ☆98Updated 4 years ago
• XiaoliChan / LDAPShell
  A wrapper of ldap_shell.py module which in ntlmrelayx
  ☆62Updated 2 years ago
• bestspear / ReBeacon_ForClang
  Beacon compiled using clang
  ☆69Updated 2 years ago
• evilashz / RemoteMemorymodule
  Load the evilDLL from socket connection without touch disk
  ☆17Updated 3 years ago
• jas502n / mimikat_ssp
  Security Support Provider Interface
  ☆46Updated 5 years ago
• WBGlIl / ReflectiveDLL_Patch
  ☆37Updated 5 years ago
• timwhitez / killProcessPOC
  use aswArPot.sys to kill process
  ☆68Updated 2 years ago
• evilashz / ProxyAPICall
  Just another version of the custom stack call from Proxy-Function-Calls-For-ETwTI
  ☆35Updated 2 years ago
• hoo1ng / ImitateCobaltStrikeShellcode
  Imitate CobaltStrike's Shellcode Generation
  ☆3Updated 3 years ago
• myzxcg / BypassUAC-Dll
  Use COM Component Bypass UAC,Dll Version
  ☆35Updated 4 years ago
• sliverarmory / injectEtwBypass
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆32Updated 3 years ago
• morph3 / Windows-RPC-Backdoor
  Simple windows rpc server for research purposes only
  ☆82Updated 3 years ago
• Kara-4search / HookDetection_CSharp
  HookDetection
  ☆46Updated 3 years ago
• Kara-4search / DInvoke_shellcodeload_CSharp
  ShellCodeLoader via DInvoke
  ☆57Updated 3 years ago
• aazhuliang / CVE-2021-31956-EXP
  ☆40Updated 3 years ago
• timwhitez / AddressOfEntryPoint-injection
  x64 version
  ☆36Updated 3 years ago
• timwhitez / Doge-Whisper
  golang implementation of Syswhisper2/Syswhisper3
  ☆23Updated 3 years ago
• th3k3ymak3r / minbeacon
  A work in progress of constructing a minimal http(s) beacon for Cobalt Strike.
  ☆19Updated 3 years ago