Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from silent in-process BOF to full PowerShell/WMI.
☆37Feb 6, 2026Updated 3 weeks ago
Alternatives and similar repositories for CS-EDR-Enumeration
Users that are interested in CS-EDR-Enumeration are comparing it to the libraries listed below
Sorting:
- Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service load…☆119Dec 7, 2025Updated 2 months ago
- ☆58Dec 10, 2025Updated 2 months ago
- ☆41Dec 24, 2025Updated 2 months ago
- An offensive toolkit for restless guests #DEFCON33☆53Aug 11, 2025Updated 6 months ago
- Block Windows Defender by deny ACL☆77Jan 12, 2026Updated last month
- A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.☆58Jul 2, 2025Updated 8 months ago
- ☆26Aug 5, 2025Updated 6 months ago
- Python tool to automatically perform SPN-less RBCD attacks.☆120Jan 7, 2026Updated last month
- Automatically deploy Nemesis☆21Jun 14, 2024Updated last year
- Regex based secret scanner for sccm deployment points sccmcontentlib$ shares. Find secrets automatically and download entire packages for…☆18Aug 13, 2025Updated 6 months ago
- Mitigation validation utility for the Ivanti Connect Around attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887.☆12Feb 3, 2024Updated 2 years ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆76Oct 27, 2025Updated 4 months ago
- Helps defenders find their WSUS configurations in the wake of CVE-2025-59287☆46Oct 28, 2025Updated 4 months ago
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 6 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Jan 10, 2026Updated last month
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated 11 months ago
- PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph☆72Updated this week
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- Dump processes over WMI with MSFT_MTProcess☆84Feb 13, 2026Updated 2 weeks ago
- A modern GoPhish fork with improved tracking accuracy and smarter detection.☆86Feb 16, 2026Updated 2 weeks ago
- Ludus role for deploying a Mythic Teamserver onto Linux servers☆23Mar 16, 2025Updated 11 months ago
- Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered b…☆82Nov 15, 2025Updated 3 months ago
- Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.☆58Dec 15, 2025Updated 2 months ago
- ☆47Dec 5, 2025Updated 2 months ago
- Python script that fetches, analyzes, and reports Microsoft Patch Tuesday updates via the MSRC API — with a clean web interface for easy …☆24Updated this week
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆11May 17, 2024Updated last year
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…☆18Oct 31, 2024Updated last year
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆85Oct 20, 2025Updated 4 months ago
- ☆40Oct 8, 2024Updated last year
- An Ansible collection that installs an SCCM deployment with optional configurations.☆101Dec 8, 2025Updated 2 months ago
- ☆36Dec 4, 2025Updated 2 months ago
- MyBB 1.8.32 - Chained LFI Remote Code Execution (RCE) (Authenticated) python exploit script...☆14Oct 17, 2023Updated 2 years ago
- ☆18Sep 1, 2025Updated 6 months ago
- Proxll is a tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h☆41Oct 8, 2024Updated last year
- OneDrive, operating on Microsoft Windows 11 Pro is vulnerable to DLL hijacking.☆21Nov 9, 2023Updated 2 years ago
- Modified version of PEAS client for offensive operations☆50Nov 1, 2025Updated 4 months ago
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback☆30Oct 13, 2025Updated 4 months ago
- ☆19Apr 28, 2025Updated 10 months ago
- ☆35Dec 6, 2023Updated 2 years ago