TierZeroSecurity / edr_blocker
Blocks EDR telemetry by performing a Person-in-the-Middle attack in which network filtering is applied using iptables. The destination IP addresses to block are determined by matching the server name in the TLS Client Hello packet against the list of blocked server names (or blocked strings) provided in a file.
☆141 Updated 6 months ago
Alternatives and similar repositories for edr_blocker:
Users that are interested in edr_blocker are comparing it to the libraries listed below
- ☆139 Updated 6 months ago
- ☆143 Updated 2 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆193 Updated 8 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆172 Updated 2 months ago
- Two in one, patch lifetime PowerShell console, no more ETW and AMSI! ☆83 Updated 7 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆185 Updated 4 months ago
- Port of Cobalt Strike's Process Inject Kit ☆165 Updated 2 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆144 Updated 9 months ago
- Stage 0 ☆153 Updated 2 months ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement ☆158 Updated 2 months ago
- Adversary Emulation Framework ☆66 Updated 6 months ago
- Example code samples from our ScriptBlock Smuggling Blog post ☆88 Updated 8 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆180 Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆147 Updated last year
- A Mythic Agent written in PIC C. ☆171 Updated 2 weeks ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce… ☆129 Updated 3 months ago
- ☆107 Updated 3 months ago
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and … ☆157 Updated 2 months ago
- Construct the payload at runtime using an array of offsets ☆61 Updated 8 months ago
- ☆85 Updated 9 months ago
- ☆164 Updated 3 months ago
- Lateral Movement ☆122 Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆46 Updated 11 months ago
- Just another C2 Redirector using CloudFlare. ☆86 Updated 9 months ago
- ☆192 Updated 10 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆150 Updated 9 months ago
- Evade EDRs the simple way, by not touching any of the APIs they hook. ☆84 Updated 3 weeks ago
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆157 Updated 8 months ago
- Leverage WindowsApp createdump tool to obtain an lsass dump ☆145 Updated 5 months ago