TierZeroSecurity / edr_blocker
Blocks EDR telemetry by performing a Person-in-the-Middle attack in which network filtering is applied using iptables. The destination IP addresses to block are determined by matching the server name in the TLS Client Hello packet against the blocked server names (or blocked strings) listed in the provided file.
☆140 Updated last year
Alternatives and similar repositories for edr_blocker
Users that are interested in edr_blocker are comparing it to the libraries listed below
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆148 Updated last year
- Windows Persistence IT-Security ☆103 Updated 5 months ago
- ☆157 Updated 8 months ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce… ☆139 Updated 3 weeks ago
- Two in one, patch lifetime PowerShell console, no more ETW and AMSI! ☆96 Updated 4 months ago
- Lateral Movement ☆124 Updated last year
- A BOF to enumerate system processes, their protection levels, and more. ☆119 Updated 9 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆153 Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … ☆103 Updated 5 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆46 Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post ☆91 Updated last year
- ☆76 Updated 3 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC. ☆153 Updated 3 weeks ago
- Adversary Emulation Framework ☆123 Updated last month
- Port of Cobalt Strike's Process Inject Kit ☆184 Updated 8 months ago
- Local & remote Windows DLL Proxying ☆165 Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service" ☆119 Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆148 Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆207 Updated 10 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism. ☆98 Updated last year
- ☆133 Updated 6 months ago
- Remotely Enumerate sessions using undocumented Windows Station APIs ☆119 Updated last year
- ☆90 Updated last year
- Охотник (Hunter) is a simple Adversary Simulation tool developed to achieve stealth through API unhooking, direct and indirect syscalls… ☆86 Updated 4 months ago
- ☆145 Updated 9 months ago
- Stage 0 ☆163 Updated 8 months ago
- Comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆205 Updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆193 Updated 2 years ago
- Remote DLL Injection with Timer-based Shellcode Execution ☆95 Updated last month
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆122 Updated 10 months ago