amjcyber / EDRNoiseMaker
Detect WFP filters blocking EDR communications
☆85Updated last year
Alternatives and similar repositories for EDRNoiseMaker:
Users that are interested in EDRNoiseMaker are comparing it to the libraries listed below
- ☆150Updated 3 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆84Updated 8 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆141Updated 8 months ago
- Lateral Movement☆123Updated last year
- Tool for viewing NTDS.dit☆150Updated last week
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆76Updated 6 months ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆90Updated 9 months ago
- Adversary Emulation Framework☆92Updated 8 months ago
- Windows Persistence IT-Security☆90Updated 2 weeks ago
- ☆115Updated 3 years ago
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆90Updated last year
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆137Updated 7 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆145Updated 10 months ago
- Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-nat…☆136Updated last month
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆160Updated 3 months ago
- An interactive shell to spoof some LOLBins command line☆184Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆118Updated 8 months ago
- C2 Infrastructure Automation☆97Updated 2 weeks ago
- ☆146Updated last month
- Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later☆91Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆192Updated 5 months ago
- Microsoft Graph API post-exploitation toolkit☆94Updated 8 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆184Updated last year
- A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).☆93Updated 2 years ago
- Abuse Azure API permissions for red teaming☆61Updated 2 years ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆129Updated 4 months ago
- Construct the payload at runtime using an array of offsets☆63Updated 9 months ago
- ☆69Updated last year
- Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"☆135Updated 7 months ago