TierZeroSecurity / edr_blockerLinks
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.
☆141Updated 10 months ago
Alternatives and similar repositories for edr_blocker
Users that are interested in edr_blocker are comparing it to the libraries listed below
Sorting:
- ☆155Updated 5 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆147Updated last year
- Stage 0☆160Updated 5 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆187Updated 6 months ago
- Adversary Emulation Framework☆106Updated 10 months ago
- ☆164Updated 10 months ago
- Tool for viewing NTDS.dit☆167Updated 2 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆200Updated 7 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆90Updated 11 months ago
- Lateral Movement☆125Updated last year
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆170Updated 2 weeks ago
- ☆133Updated 3 weeks ago
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning☆115Updated 2 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 2 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆91Updated last month
- Windows Persistence IT-Security☆100Updated 2 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆182Updated 3 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆200Updated 11 months ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆131Updated 6 months ago
- ☆90Updated last year
- Port of Cobalt Strike's Process Inject Kit☆178Updated 6 months ago
- Construct the payload at runtime using an array of offsets☆63Updated 11 months ago
- Local & remote Windows DLL Proxying☆164Updated 11 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆99Updated 3 weeks ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated last year
- A Mythic agent for Windows written in C☆123Updated last week
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆119Updated 11 months ago
- ☆116Updated 2 months ago
- ☆151Updated last year