TierZeroSecurity / edr_blockerLinks
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.
☆140Updated 11 months ago
Alternatives and similar repositories for edr_blocker
Users that are interested in edr_blocker are comparing it to the libraries listed below
Sorting:
- ☆155Updated 6 months ago
- Stage 0☆161Updated 6 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆147Updated last year
- Two in one, patch lifetime powershell console, no more etw and amsi!☆92Updated last month
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆201Updated 8 months ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆131Updated 7 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- Lateral Movement☆124Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 2 months ago
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆201Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆188Updated 6 months ago
- Tool for viewing NTDS.dit☆169Updated 3 months ago
- Adversary Emulation Framework☆114Updated 11 months ago
- Port of Cobalt Strike's Process Inject Kit☆180Updated 6 months ago
- .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS☆147Updated 4 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated last year
- ☆137Updated last month
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆110Updated last month
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆173Updated last month
- ☆177Updated 10 months ago
- Windows Persistence IT-Security☆101Updated 3 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆193Updated 2 years ago
- ☆89Updated last year
- ☆180Updated 2 months ago
- ☆132Updated 4 months ago
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆167Updated 3 months ago
- Local & remote Windows DLL Proxying☆164Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆122Updated 8 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆152Updated last year