VirtualAlllocEx/CS-EDR-Enumeration external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

VirtualAlllocEx/CS-EDR-Enumeration

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/VirtualAlllocEx/CS-EDR-Enumeration)

Close

VirtualAlllocEx / CS-EDR-EnumerationView on GitHubMore

• External links
• Readme badge

Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from silent in-process BOF to full PowerShell/WMI.

☆42Feb 6, 2026Updated last month

Alternatives and similar repositories for CS-EDR-Enumeration

Users that are interested in CS-EDR-Enumeration are comparing it to the libraries listed below

• MaorSabag / impacket-jump

  View on GitHub
  Remote service-staging tool built on Impacket, designed for BOF-style lateral movement workflows that lets you upload custom service load…
  ☆119Dec 7, 2025Updated 3 months ago
• Scoubi / BloodSOCer

  View on GitHub
  ☆58Dec 10, 2025Updated 3 months ago
• initstring / RTAP

  View on GitHub
  Red Team Assessment Platform - reporting, visualizations, and analytics for cybersecurity red teams
  ☆34Jan 27, 2026Updated last month
• PhantomSecurityGroup / Crystal-Kit

  View on GitHub
  Evasion kit for Cobalt Strike
  ☆30Jan 16, 2026Updated 2 months ago
• professor-moody / scorch

  View on GitHub
  ☆43Dec 24, 2025Updated 2 months ago
• CodeXTF2 / CustomC2ChannelTemplate

  View on GitHub
  template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
  ☆101Jan 10, 2026Updated 2 months ago
• redi-git / SCCM_SLAP

  View on GitHub
  Regex based secret scanner for sccm deployment points sccmcontentlib$ shares. Find secrets automatically and download entire packages for…
  ☆18Aug 13, 2025Updated 7 months ago
• dobin / AwesomeMalDevLinks

  View on GitHub
  Awesome MalDev Links
  ☆52Updated this week
• TheManticoreProject / LDAPWordlistHarvester

  View on GitHub
  A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.
  ☆58Jul 2, 2025Updated 8 months ago
• ghostvectoracademy / DLLHijackHunter

  View on GitHub
  Automated DLL Hijacking Discovery, Validation, and Confirmation. Turning local misconfigurations into weaponized, confirmed attack paths.
  ☆225Mar 13, 2026Updated last week
• lkarlslund / defender-acl-blocker

  View on GitHub
  Block Windows Defender by deny ACL
  ☆88Jan 12, 2026Updated 2 months ago
• EricEsquivel / CobaltStrike-Linux-Beacon

  View on GitHub
  Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
  ☆192Feb 11, 2026Updated last month
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆18Mar 19, 2025Updated last year
• DXC-StrikeForce / Nemesis-Ansible

  View on GitHub
  Automatically deploy Nemesis
  ☆21Jun 14, 2024Updated last year
• mubix / Find-WSUS

  View on GitHub
  Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
  ☆46Oct 28, 2025Updated 4 months ago
• logangoins / BadTakeover-BOF

  View on GitHub
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆86Oct 20, 2025Updated 5 months ago
• 0xthirteen / WMI_Proc_Dump

  View on GitHub
  Dump processes over WMI with MSFT_MTProcess
  ☆85Feb 13, 2026Updated last month
• mallo-m / AxiomSecrets

  View on GitHub
  Dump protected files (SAM,SYSTEM,SECURITY) by parsing the raw NTFS partition
  ☆38Nov 11, 2025Updated 4 months ago
• synacktiv / sccmsqlclient

  View on GitHub
  ☆26Aug 5, 2025Updated 7 months ago
• P0142 / LDAP-Bof-Collection

  View on GitHub
  Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.
  ☆67Dec 15, 2025Updated 3 months ago
• Fudgedotdotdot / nimpersonate

  View on GitHub
  Impersonate Windows tokens in Nim
  ☆23Aug 4, 2025Updated 7 months ago
• 0xRedpoll / ludus_mythic_teamserver

  View on GitHub
  Ludus role for deploying a Mythic Teamserver onto Linux servers
  ☆23Mar 16, 2025Updated last year
• jarnovandenbrink / getSPNless

  View on GitHub
  Python tool to automatically perform SPN-less RBCD attacks.
  ☆124Jan 7, 2026Updated 2 months ago
• SpecterOps / ConfigManBearPig

  View on GitHub
  PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph
  ☆78Mar 13, 2026Updated last week
• NtDallas / Huginn

  View on GitHub
  ☆81Feb 12, 2026Updated last month
• DeathShotXD / 0xKern3lCrush-Foreverday-BYOVD-CVE-2026-0828

  View on GitHub
  Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Drive…
  ☆28Feb 4, 2026Updated last month
• ibaiC / SafeHarbor-BOF

  View on GitHub
  Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…
  ☆78Oct 27, 2025Updated 4 months ago
• kidtronnix / restless-guest

  View on GitHub
  An offensive toolkit for restless guests #DEFCON33
  ☆53Aug 11, 2025Updated 7 months ago
• SpecterOps / SCOMHound

  View on GitHub
  ☆37Dec 4, 2025Updated 3 months ago
• s4mp0l / Malware-Development

  View on GitHub
  Repository focused on advanced Red Team tools and techniques, mainly created with C. It contains projects I have created to understand ma…
  ☆19Updated this week
• S3cur3Th1sSh1t / AI-Coded-scripts

  View on GitHub
  This repo contains useful scripts that AI created for me which I would have been too lazy for
  ☆93Updated this week
• grayhatkiller / wambam-bof

  View on GitHub
  ☆48Dec 5, 2025Updated 3 months ago
• n00py / Outpacket

  View on GitHub
  This cheatsheet maps common impacket workflows to their modern alternatives
  ☆56Updated this week
• glynx / peas

  View on GitHub
  Modified version of PEAS client for offensive operations
  ☆50Nov 1, 2025Updated 4 months ago
• slygoo / pssrecon

  View on GitHub
  ☆41Oct 8, 2024Updated last year
• Synzack / ludus_sccm

  View on GitHub
  An Ansible collection that installs an SCCM deployment with optional configurations.
  ☆101Dec 8, 2025Updated 3 months ago
• NocteDefensor / LudusMCP

  View on GitHub
  ☆36Feb 5, 2026Updated last month
• zyn3rgy / RelayInformer

  View on GitHub
  Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective
  ☆167Jan 12, 2026Updated 2 months ago
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆139Aug 25, 2025Updated 6 months ago