TierZeroSecurity / edr_blockerLinks
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.
☆139Updated last year
Alternatives and similar repositories for edr_blocker
Users that are interested in edr_blocker are comparing it to the libraries listed below
Sorting:
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆148Updated last year
- Windows Persistence IT-Security☆106Updated 8 months ago
- ☆159Updated 11 months ago
- Lateral Movement☆124Updated 2 years ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W…☆154Updated last year
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆152Updated 3 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆209Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆101Updated 7 months ago
- SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connecti…☆236Updated last week
- ☆163Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆147Updated last year
- Two in one, patch lifetime powershell console, no more etw and amsi!☆98Updated 6 months ago
- Local & remote Windows DLL Proxying☆168Updated last year
- Remotely Enumerate sessions using undocumented Windows Station APIs☆119Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆50Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- ☆120Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆194Updated 11 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆159Updated 3 months ago
- ☆135Updated 9 months ago
- Port of Cobalt Strike's Process Inject Kit☆188Updated 11 months ago
- A BOF to enumerate system process, their protection levels, and more.☆123Updated 11 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆207Updated 10 months ago
- Decrypt GlobalProtect configuration and cookie files.☆154Updated last year
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆98Updated 2 years ago
- Stage 0☆164Updated 10 months ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆177Updated 5 months ago
- Enumerate active EDR's on the system☆144Updated last month
- Adversary Emulation Framework☆125Updated 4 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆126Updated last year