amjcyber / EDRNoiseMakerLinks
Detect WFP filters blocking EDR communications
☆94Updated last year
Alternatives and similar repositories for EDRNoiseMaker
Users that are interested in EDRNoiseMaker are comparing it to the libraries listed below
Sorting:
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆139Updated last year
- ☆159Updated 11 months ago
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.☆249Updated last month
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Updated last year
- Windows Persistence IT-Security☆106Updated 8 months ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆121Updated last year
- Lateral Movement☆124Updated 2 years ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆98Updated 6 months ago
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆88Updated 2 years ago
- Utilizng an MCP Server to communicate with your C2☆85Updated 6 months ago
- sideloading PoC using onedrive.exe & version.dll☆77Updated 2 weeks ago
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- Охотник (Hunter) is a simple Adversary Simulation tool developed for achieves stealth through API unhooking, direct and indirect syscalls…☆89Updated 6 months ago
- Decrypt GlobalProtect configuration and cookie files.☆154Updated last year
- ☆122Updated 4 years ago
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆91Updated last year
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆151Updated last week
- Blog/Journal on how to backdoor VSCode extensions☆75Updated 3 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆148Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆207Updated 10 months ago
- ☆80Updated last year
- ☆120Updated last year
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆152Updated 3 months ago
- Source code and examples for PassiveAggression☆64Updated last year
- Abuse Azure API permissions for red teaming☆68Updated 2 years ago
- ☆163Updated 9 months ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆50Updated 2 years ago
- SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connecti…☆236Updated 2 weeks ago
- A BOF to enumerate system process, their protection levels, and more.☆123Updated 11 months ago
- ☆77Updated last year