Blocks EDR telemetry by performing a Person-in-the-Middle attack in which network filtering is applied with iptables. The destination IP addresses to block are derived from the server name (SNI) in the TLS Client Hello packet, matched against the list of blocked server names (or blocked strings) supplied in a file.
☆139Jul 23, 2024Updated last year
Alternatives and similar repositories for edr_blocker
Users that are interested in edr_blocker are comparing it to the libraries listed below.
- ☆30Jul 26, 2024Updated last year
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆475Aug 2, 2024Updated last year
- Generic PE loader for fast prototyping evasion techniques☆246Jul 2, 2024Updated last year
- ☆100Sep 1, 2024Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆557May 9, 2025Updated last year
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆359Oct 7, 2024Updated last year
- ☆147Oct 29, 2024Updated last year
- ApexLdr is a DLL Payload Loader written in C☆115Jul 17, 2024Updated last year
- Detect Remote Local Credentials Dumping using a Shadow Snapshot☆32Jan 27, 2025Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆309Jul 31, 2024Updated last year
- ☆269Jul 31, 2024Updated last year
- Remotely Enumerate sessions using undocumented Windows Station APIs☆118Aug 21, 2024Updated last year
- ☆111Aug 21, 2024Updated last year
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆251Jun 11, 2024Updated 2 years ago
- A command and control framework written in rust.☆389Apr 27, 2026Updated 2 months ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆293May 27, 2024Updated 2 years ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆134Oct 4, 2024Updated last year
- Proxll is a tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h☆41Oct 8, 2024Updated last year
- ☆124Oct 9, 2023Updated 2 years ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆326Apr 12, 2024Updated 2 years ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆361Nov 19, 2024Updated last year
- Section-based payload obfuscation technique for x64☆64Aug 8, 2024Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆360Aug 11, 2024Updated last year
- ☆127Sep 1, 2024Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆598Jun 12, 2024Updated 2 years ago
- HookChain: A new perspective for Bypassing EDR Solutions☆608Jan 5, 2025Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆802Jan 26, 2026Updated 5 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆553Feb 13, 2024Updated 2 years ago
- ☆52Jun 12, 2026Updated 2 weeks ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆383Dec 13, 2024Updated last year
- Local & remote Windows DLL Proxying☆173Jun 17, 2024Updated 2 years ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆320Aug 31, 2023Updated 2 years ago
- Inject DLLs into the explorer process using icons☆410May 18, 2025Updated last year
- TypeLib persistence technique☆147Oct 22, 2024Updated last year
- Execute commands in other Sessions☆91Jul 29, 2024Updated last year
- A POC to disable TamperProtection and other Defender / MDE components☆256Jun 6, 2024Updated 2 years ago
- ☆61Oct 24, 2024Updated last year
- ☆159Dec 13, 2024Updated last year