TierZeroSecurity / edr_blocker
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.
☆141 · Updated 8 months ago
Alternatives and similar repositories for edr_blocker:
Users that are interested in edr_blocker are comparing it to the libraries listed below
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆145 · Updated 10 months ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement ☆160 · Updated 3 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi! ☆84 · Updated 8 months ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce… ☆129 · Updated 4 months ago
- ☆150 · Updated 3 months ago
- ☆146 · Updated 7 months ago
- Stage 0 ☆154 · Updated 3 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆192 · Updated 5 months ago
- Port of Cobalt Strike's Process Inject Kit ☆171 · Updated 3 months ago
- Just another C2 Redirector using CloudFlare. Supports multiple C2s and multiple domains. Support for websocket listener. ☆149 · Updated last week
- Windows Persistence IT-Security ☆90 · Updated 2 weeks ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆183 · Updated 3 months ago
- Example code samples from our ScriptBlock Smuggling Blog post ☆90 · Updated 9 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆151 · Updated 10 months ago
- Tool for viewing NTDS.dit ☆150 · Updated last week
- Evade EDRs the simple way, by not touching any of the APIs they hook. ☆90 · Updated last month
- Lateral Movement ☆123 · Updated last year
- Adversary Emulation Framework ☆92 · Updated 8 months ago
- Comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆195 · Updated 9 months ago
- NidhoggScript is a tool to generate a "script" file that allows execution of multiple commands for Nidhogg ☆46 · Updated last year
- Local & remote Windows DLL Proxying ☆162 · Updated 9 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆184 · Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆147 · Updated last year
- ☆171 · Updated 4 months ago
- ☆86 · Updated 10 months ago
- ☆151 · Updated this week
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆118 · Updated 5 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites them with clean syscall stubs (user land hook evasion) ☆172 · Updated last month
- ☆114 · Updated last year
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism. ☆96 · Updated last year