Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from silent in-process BOF to full PowerShell/WMI.
☆72 · Feb 6, 2026 · Updated 4 months ago
Alternatives and similar repositories for CS-EDR-Enumeration
Users that are interested in CS-EDR-Enumeration are comparing it to the libraries listed below.
- Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service load… ☆123 · Dec 7, 2025 · Updated 6 months ago
- Awesome MalDev Links ☆70 · Jun 21, 2026 · Updated last week
- ☆59 · Dec 10, 2025 · Updated 6 months ago
- Red Team Assessment Platform - reporting, visualizations, and analytics for cybersecurity red teams ☆34 · Apr 13, 2026 · Updated 2 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader. ☆105 · Jan 10, 2026 · Updated 5 months ago
- Evasion kit for Cobalt Strike ☆30 · Jan 16, 2026 · Updated 5 months ago
- BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation ☆134 · Mar 27, 2026 · Updated 3 months ago
- Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons ☆212 · Feb 11, 2026 · Updated 4 months ago
- Regex based secret scanner for sccm deployment points sccmcontentlib$ shares. Find secrets automatically and download entire packages for… ☆18 · Aug 13, 2025 · Updated 10 months ago
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself ☆98 · Apr 9, 2026 · Updated 2 months ago
- Set of PoC to abuse Windows minifilters functionality ☆90 · May 1, 2026 · Updated 2 months ago
- Nim implementation for sud0Ru's Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest) ☆106 · Apr 4, 2026 · Updated 2 months ago
- A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory. ☆58 · Jul 2, 2025 · Updated last year
- Block Windows Defender by deny ACL ☆91 · Jan 12, 2026 · Updated 5 months ago
- ☆45 · Apr 13, 2026 · Updated 2 months ago
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers ☆19 · Mar 19, 2025 · Updated last year
- Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions. ☆31 · Jun 5, 2026 · Updated 3 weeks ago
- Automatically deploy Nemesis ☆21 · Jun 14, 2024 · Updated 2 years ago
- Bypass user-land hooks by syscall tampering via the Trap Flag ☆140 · Aug 25, 2025 · Updated 10 months ago
- Helps defenders find their WSUS configurations in the wake of CVE-2025-59287 ☆46 · Oct 28, 2025 · Updated 8 months ago
- An Ansible collection that installs an SCCM deployment with optional configurations. ☆108 · Dec 8, 2025 · Updated 6 months ago
- Dump processes over WMI with MSFT_MTProcess ☆86 · Feb 13, 2026 · Updated 4 months ago
- ☆30 · Jun 1, 2026 · Updated last month
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover ☆89 · Oct 20, 2025 · Updated 8 months ago
- A practical client for ADWS in Golang. ☆54 · Mar 3, 2026 · Updated 3 months ago
- Impersonate Windows tokens in Nim ☆23 · Aug 4, 2025 · Updated 10 months ago
- A modern GoPhish fork with improved tracking accuracy and smarter detection. ☆93 · Feb 16, 2026 · Updated 4 months ago
- Proof-of-concept implementation of AI-enabled postex DLLs ☆95 · Sep 10, 2025 · Updated 9 months ago
- Live ETW-TI event viewer for Windows kernel threat-intelligence telemetry. Research tool for exploring the same signals commercial EDRs r… ☆151 · Apr 15, 2026 · Updated 2 months ago
- Ludus role for deploying a Mythic Teamserver onto Linux servers ☆23 · Mar 16, 2025 · Updated last year
- Python tool to automatically perform SPN-less RBCD attacks. ☆131 · Jan 7, 2026 · Updated 5 months ago
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor… ☆112 · Apr 16, 2026 · Updated 2 months ago
- PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph ☆95 · Apr 21, 2026 · Updated 2 months ago
- An offensive toolkit for restless guests #DEFCON33 ☆60 · Aug 11, 2025 · Updated 10 months ago
- Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2. ☆101 · Dec 15, 2025 · Updated 6 months ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai… ☆81 · Oct 27, 2025 · Updated 8 months ago
- ☆86 · Feb 12, 2026 · Updated 4 months ago
- Repository focused on advanced Red Team tools and techniques, mainly created with C. It contains projects I have created to understand ma… ☆21 · Updated this week
- ☆50 · Dec 5, 2025 · Updated 6 months ago