amjcyber / EDRNoiseMakerView external linksLinks
Detect WFP filters blocking EDR communications
☆96Jan 5, 2024Updated 2 years ago
Alternatives and similar repositories for EDRNoiseMaker
Users that are interested in EDRNoiseMaker are comparing it to the libraries listed below
Sorting:
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆457Aug 2, 2024Updated last year
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,813Nov 3, 2024Updated last year
- ☆159Dec 13, 2024Updated last year
- TypeLib persistence technique☆139Oct 22, 2024Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆167May 30, 2024Updated last year
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- ☆100Oct 7, 2023Updated 2 years ago
- Loads a program into a memfd and runs it.☆11May 22, 2022Updated 3 years ago
- ApexLdr is a DLL Payload Loader written in C☆116Jul 17, 2024Updated last year
- ☆42Feb 18, 2025Updated 11 months ago
- A C# port from Invoke-GhostTask☆119Jan 5, 2024Updated 2 years ago
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- ☆301Oct 29, 2024Updated last year
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Aug 5, 2024Updated last year
- An interactive shell to spoof some LOLBins command line☆188Jan 27, 2024Updated 2 years ago
- Sleep obfuscation☆265Dec 13, 2024Updated last year
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆150May 3, 2024Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆87May 17, 2023Updated 2 years ago
- ☆100Sep 1, 2024Updated last year
- ☆147Oct 29, 2024Updated last year
- Tools for analyzing EDR agents☆277Jun 10, 2024Updated last year
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)☆144Mar 16, 2024Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆432Dec 21, 2023Updated 2 years ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆358Aug 11, 2024Updated last year
- ☆153Jul 31, 2022Updated 3 years ago
- Identify binaries with Authenticode digital signatures signed to an internal CA/domain☆40Feb 6, 2024Updated 2 years ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆72Nov 11, 2025Updated 3 months ago
- Stage 0☆169Dec 18, 2024Updated last year
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆186Mar 4, 2024Updated last year
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆212Oct 19, 2024Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Feb 9, 2024Updated 2 years ago
- A POC to disable TamperProtection and other Defender / MDE components☆253Jun 6, 2024Updated last year
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆321Jan 17, 2024Updated 2 years ago
- ☆83Nov 1, 2023Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆280Sep 18, 2024Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆245Nov 2, 2025Updated 3 months ago
- HookChain: A new perspective for Bypassing EDR Solutions☆589Jan 5, 2025Updated last year
- Inject DLLs into the explorer process using icons☆403May 18, 2025Updated 8 months ago