amjcyber / EDRNoiseMakerLinks
Detect WFP filters blocking EDR communications
☆93Updated last year
Alternatives and similar repositories for EDRNoiseMaker
Users that are interested in EDRNoiseMaker are comparing it to the libraries listed below
Sorting:
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.☆205Updated 2 weeks ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated last year
- ☆157Updated 8 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆96Updated 3 months ago
- Lateral Movement☆124Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆76Updated last year
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆89Updated last year
- Windows Persistence IT-Security☆103Updated 5 months ago
- Decrypt GlobalProtect configuration and cookie files.☆150Updated 11 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆148Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- Охотник (Hunter) is a simple Adversary Simulation tool developed for achieves stealth through API unhooking, direct and indirect syscalls…☆86Updated 4 months ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆119Updated last year
- BloodHound PowerShell client☆58Updated last week
- ☆76Updated 3 months ago
- ☆79Updated last year
- ☆158Updated 6 months ago
- Blog/Journal on how to backdoor VSCode extensions☆73Updated last month
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆91Updated 11 months ago
- Tool to extract username and password of current user from PanGPA in plaintext☆87Updated 8 months ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆140Updated last year
- BeaconatorC2 is a framework for red teaming and adversarial emulation, providing a full-featured management interface, along with a catal…☆84Updated last week
- Tool for viewing NTDS.dit☆174Updated 5 months ago
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆139Updated 3 weeks ago
- ☆120Updated 4 years ago
- Abuse Azure API permissions for red teaming☆68Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- ☆120Updated last year
- ☆133Updated 6 months ago
- Adversary Emulation Framework☆123Updated last month