amjcyber / EDRNoiseMakerLinks
Detect WFP filters blocking EDR communications
☆93Updated last year
Alternatives and similar repositories for EDRNoiseMaker
Users that are interested in EDRNoiseMaker are comparing it to the libraries listed below
Sorting:
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated last year
- Lateral Movement☆124Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆76Updated last year
- ☆157Updated 9 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆97Updated 4 months ago
- Windows Persistence IT-Security☆104Updated 6 months ago
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.☆218Updated last month
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆88Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- A BOF to enumerate system process, their protection levels, and more.☆119Updated 9 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆148Updated last year
- ☆120Updated 4 years ago
- Decrypt GlobalProtect configuration and cookie files.☆150Updated last year
- ☆161Updated 7 months ago
- ☆79Updated 4 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆207Updated 10 months ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆141Updated last month
- Microsoft Graph API post-exploitation toolkit☆94Updated last year
- BloodHound PowerShell client☆64Updated last month
- Tool for viewing NTDS.dit☆178Updated 6 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆207Updated 8 months ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆140Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆119Updated last year
- Collect infrastructure and permissions data from vCenter and export it as a BloodHound‑compatible graph using Custom Nodes/Edges☆140Updated last month
- Detect EDR's exceptions by inspecting processes' loaded modules☆130Updated last year
- .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS☆149Updated 7 months ago
- ☆120Updated last year
- Tool to extract username and password of current user from PanGPA in plaintext☆87Updated 8 months ago
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆91Updated last year
- ☆80Updated last year