TierZeroSecurity / edr_blocker
Blocks EDR telemetry by performing a person-in-the-middle attack in which network filtering is applied using iptables. The destination IP addresses to block are identified by matching the server name in the TLS Client Hello packet against the list of blocked server names (or blocked strings) provided in a file.
☆139 Updated last year
Alternatives and similar repositories for edr_blocker
Users that are interested in edr_blocker are comparing it to the libraries listed below
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆148 Updated last year
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce… ☆152 Updated 4 months ago
- Windows Persistence IT-Security ☆108 Updated 9 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC. ☆163 Updated 4 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆154 Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … ☆102 Updated 8 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi! ☆99 Updated 7 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆147 Updated 2 years ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆212 Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service" ☆121 Updated last year
- Adversary Emulation Framework ☆128 Updated 5 months ago
- EDR-Redir: a tool used to redirect the EDR's folder to another location. ☆207 Updated last month
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆194 Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post ☆92 Updated last year
- Stage 0 ☆167 Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆208 Updated 11 months ago
- Lateral Movement ☆125 Updated 2 years ago
- Detect WFP filters blocking EDR communications ☆95 Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆50 Updated last year
- A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA … ☆162 Updated last month
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism. ☆100 Updated 2 years ago
- Port of Cobalt Strike's Process Inject Kit ☆189 Updated last year
- Local & remote Windows DLL Proxying ☆169 Updated last year
- POC of GITHUB simple C2 in rust ☆52 Updated 4 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆209 Updated last year
- Охотник (Hunter) is a simple Adversary Simulation tool developed for achieves stealth through API unhooking, direct and indirect syscalls… ☆90 Updated 7 months ago