TierZeroSecurity/edr_blocker external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

TierZeroSecurity/edr_blocker

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/TierZeroSecurity/edr_blocker)

Close

TierZeroSecurity / edr_blockerView on GitHubMore

• External links
• Readme badge

Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.

☆138Jul 23, 2024Updated last year

Alternatives and similar repositories for edr_blocker

Users that are interested in edr_blocker are comparing it to the libraries listed below

• Allevon412 / SyscallTempering

  View on GitHub
  ☆31Jul 26, 2024Updated last year
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆244Jul 2, 2024Updated last year
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆458Aug 2, 2024Updated last year
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• vxCrypt0r / Voidmaw

  View on GitHub
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆340Oct 7, 2024Updated last year
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆539May 9, 2025Updated 9 months ago
• pygrum / gimmick

  View on GitHub
  Section-based payload obfuscation technique for x64
  ☆64Aug 8, 2024Updated last year
• Cipher7 / ApexLdr

  View on GitHub
  ApexLdr is a DLL Payload Loader written in C
  ☆117Jul 17, 2024Updated last year
• 0xv1n / RemoteSessionEnum

  View on GitHub
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆118Aug 21, 2024Updated last year
• ZERODETECTION / MSC_Dropper

  View on GitHub
  ☆250Jul 31, 2024Updated last year
• HulkOperator / AuthStager

  View on GitHub
  ☆59Oct 24, 2024Updated last year
• I3IT / Detect.Remote.ShadowSnapshot.Dump

  View on GitHub
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆32Jan 27, 2025Updated last year
• deepinstinct / ShimMe

  View on GitHub
  ☆147Oct 29, 2024Updated last year
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• Krypteria / Proxll

  View on GitHub
  Proxll is a tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h
  ☆41Oct 8, 2024Updated last year
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆590Jan 5, 2025Updated last year
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• vxCrypt0r / Voidgate

  View on GitHub
  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
  ☆592Jun 12, 2024Updated last year
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆298Jul 31, 2024Updated last year
• 0xEr3bus / RdpStrike

  View on GitHub
  Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
  ☆250Jun 11, 2024Updated last year
• Teach2Breach / Tempest

  View on GitHub
  A command and control framework written in rust.
  ☆384Sep 4, 2025Updated 5 months ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆254Jun 6, 2024Updated last year
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV

  View on GitHub
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆289May 27, 2024Updated last year
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆539Feb 13, 2024Updated 2 years ago
• CICADA8-Research / TypeLibWalker

  View on GitHub
  TypeLib persistence technique
  ☆140Oct 22, 2024Updated last year
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆359Aug 11, 2024Updated last year
• synacktiv / DLHell

  View on GitHub
  Local & remote Windows DLL Proxying
  ☆169Jun 17, 2024Updated last year
• jsecu / ModTask

  View on GitHub
  ☆53Sep 23, 2025Updated 5 months ago
• securifybv / BOFRyptor

  View on GitHub
  ☆123Oct 9, 2023Updated 2 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆776Jan 26, 2026Updated last month
• dazzyddos / HSC24RedTeamInfra

  View on GitHub
  Slides and Codes used for the workshop Red Team Infrastructure Automation
  ☆193Apr 14, 2024Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆169Dec 18, 2024Updated last year
• Karkas66 / CelestialSpark

  View on GitHub
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆103Mar 27, 2025Updated 11 months ago
• Leo4j / SessionExec

  View on GitHub
  Execute commands in other Sessions
  ☆91Jul 29, 2024Updated last year
• rtecCyberSec / Packer_Development

  View on GitHub
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆283Jun 15, 2024Updated last year