EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.
☆186 · Jan 11, 2026 · Updated last month
Alternatives and similar repositories for EDRStartupHinder
Users that are interested in EDRStartupHinder are comparing it to the libraries listed below
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆137 · Apr 18, 2025 · Updated 10 months ago
- A tool to easily perform GitHub Device Code Phishing on red team engagements ☆85 · Feb 9, 2026 · Updated 3 weeks ago
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high priority thread ☆30 · Sep 24, 2025 · Updated 5 months ago
- Local SYSTEM auth trigger for relaying - X ☆155 · Jul 23, 2025 · Updated 7 months ago
- A runtime for developing large-scale and complex shellcode. ☆22 · Feb 15, 2026 · Updated 2 weeks ago
- Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but fo… ☆167 · Oct 21, 2025 · Updated 4 months ago
- Using Chromium-based browsers as a proxy for C2 traffic. ☆146 · Dec 6, 2025 · Updated 2 months ago
- Lateral Movement BOF with MSI ODBC Driver Install ☆144 · Sep 30, 2025 · Updated 5 months ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai… ☆275 · Dec 27, 2024 · Updated last year
- Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly. ☆190 · Feb 16, 2026 · Updated last week
- BOF to run PE in Cobalt Strike Beacon without console creation ☆186 · Nov 23, 2025 · Updated 3 months ago
- A Crystal Palace shared library to resolve & perform syscalls ☆56 · Oct 29, 2025 · Updated 4 months ago
- Shellcode injection using the Windows Debugging API ☆171 · Jan 4, 2026 · Updated last month
- A simple tool to identify WDS servers in Active Directory ☆32 · Aug 25, 2025 · Updated 6 months ago
- Windows Defender Manager is a tool that helps stop Windows Defender. It works with the Antimalware Service Executable of all versions of … ☆43 · Jan 18, 2025 · Updated last year
- Impersonate Tokens using only NTAPI functions ☆84 · Apr 4, 2025 · Updated 10 months ago
- Tool for requesting Entra ID's P2P certificate and authenticating to remote Entra-joined devices with it ☆131 · Aug 23, 2025 · Updated 6 months ago
- BYOVD: Use 360 WFP driver to block EDR/XDR network connection. ☆98 · Feb 10, 2026 · Updated 2 weeks ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory. ☆128 · Jan 28, 2026 · Updated last month
- AppLocker-Based EDR Neutralization ☆321 · Dec 19, 2025 · Updated 2 months ago
- A Python based tool to convert custom queries from Legacy BloodHound to BloodHound CE format, with the option to directly upload them to … ☆36 · Oct 1, 2025 · Updated 5 months ago
- A Windows tool that converts LDIF files to BloodHound CE ☆26 · Dec 20, 2025 · Updated 2 months ago
- Power Automate C2 (PAC2): Stealth living-off-the-cloud C2 framework. ☆36 · Apr 16, 2024 · Updated last year
- Command and Control Framework using PowerShell implants ☆36 · Jun 17, 2025 · Updated 8 months ago
- A C# tool for extracting information from SCCM PXE boot media. ☆51 · Jan 14, 2026 · Updated last month
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow. ☆123 · Jan 17, 2026 · Updated last month
- Tool for viewing NTDS.dit ☆194 · Mar 14, 2025 · Updated 11 months ago
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality. ☆295 · Nov 1, 2025 · Updated 4 months ago
- Smart keylogging capability to steal SSH Credentials including password & Private Key ☆152 · Mar 26, 2025 · Updated 11 months ago
- A PowerShell console in C/C++ with all the security features disabled ☆364 · Oct 14, 2025 · Updated 4 months ago
- Good CLR Host with Native patchless AMSI Bypass ☆103 · Apr 18, 2025 · Updated 10 months ago
- Sigreturn-oriented programming (SROP) based sleep obfuscation PoC for Linux ☆66 · Dec 15, 2025 · Updated 2 months ago
- ☆137 · Feb 11, 2025 · Updated last year
- Bypass user-land hooks by syscall tampering via the Trap Flag ☆139 · Aug 25, 2025 · Updated 6 months ago
- A Rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library ☆24 · Nov 13, 2025 · Updated 3 months ago
- Cobalt Strike UDRL with memory evasion ☆15 · May 16, 2024 · Updated last year
- Enable EFS service as low priv user (PE & BOF) ☆21 · Jul 6, 2025 · Updated 7 months ago
- ☆53 · Mar 26, 2025 · Updated 11 months ago
- "Service-less" driver loading ☆184 · Nov 28, 2024 · Updated last year