TierZeroSecurity / edr_blocker
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.
☆139Updated 4 months ago
Related projects ⓘ
Alternatives and complementary repositories for edr_blocker
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆143Updated 6 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆79Updated 4 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆190Updated 5 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆169Updated last month
- ☆126Updated 3 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆174Updated last year
- ☆142Updated 2 weeks ago
- Lateral Movement☆119Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆146Updated 3 weeks ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆108Updated last month
- ☆142Updated last year
- C2 Infrastructure Automation☆86Updated last week
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆145Updated 11 months ago
- A Mythic Agent written in PIC C.☆92Updated this week
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆170Updated 8 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆45Updated 8 months ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆108Updated last month
- ☆116Updated 2 months ago
- ☆158Updated last year
- ☆182Updated 7 months ago
- Evade EDR's the simple way, by not touching any of the API's they hook.☆53Updated 3 months ago
- Decrypt GlobalProtect configuration and cookie files.☆138Updated 2 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆148Updated 5 months ago
- Local & remote Windows DLL Proxying☆160Updated 5 months ago
- ☆83Updated 6 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆147Updated 6 months ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆113Updated 4 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆91Updated last year
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆125Updated 2 weeks ago
- ☆108Updated 7 months ago