Project to check which Nt/Zw functions your local EDR is hooking
☆200Mar 21, 2021Updated 4 years ago
Alternatives and similar repositories for Probatorum-EDR-Userland-Hook-Checker
Users that are interested in Probatorum-EDR-Userland-Hook-Checker are comparing it to the libraries listed below
Sorting:
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆349Jul 3, 2022Updated 3 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆123Mar 25, 2022Updated 3 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- New UAC bypass for Silent Cleanup for CobaltStrike☆191Jul 14, 2021Updated 4 years ago
- AMSI Bypass Via the Heap☆107Nov 20, 2020Updated 5 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…☆269Mar 18, 2021Updated 4 years ago
- Remove API hooks from a Beacon process.☆282Sep 18, 2021Updated 4 years ago
- Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.☆185Feb 11, 2021Updated 5 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆244Jul 14, 2021Updated 4 years ago
- Evasive Process Hollowing Techniques☆142Aug 16, 2020Updated 5 years ago
- C++ function that will automagically unhook a specified Windows API☆62Oct 14, 2020Updated 5 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆595Jul 26, 2021Updated 4 years ago
- Evading WinDefender ATP credential-theft☆255Dec 2, 2019Updated 6 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 2 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆822Aug 23, 2021Updated 4 years ago
- ☆617Jul 21, 2025Updated 7 months ago
- Security product hook detection☆327Mar 30, 2021Updated 4 years ago
- POCs for Shellcode Injection via Callbacks☆411Feb 23, 2021Updated 5 years ago
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind☆482Jul 12, 2023Updated 2 years ago
- Managed code hooking template.☆134Nov 19, 2021Updated 4 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- Dump the memory of a PPL with a userland exploit☆888Jul 24, 2022Updated 3 years ago
- D/Invoke port of UrbanBishop☆30Dec 13, 2020Updated 5 years ago
- Command line interface to dump LSASS memory to disk via SilentProcessExit☆454Dec 23, 2020Updated 5 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆844Mar 11, 2021Updated 4 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…☆290Mar 8, 2023Updated 3 years ago
- My CobaltStrike BOFS☆167Jul 23, 2022Updated 3 years ago
- A shellcode function to encrypt a running process image when sleeping.☆339Sep 11, 2021Updated 4 years ago
- Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)☆425Apr 22, 2021Updated 4 years ago
- ☆2,168Feb 21, 2023Updated 3 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆257Dec 2, 2021Updated 4 years ago
- ☆112Jul 24, 2023Updated 2 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)☆321Nov 9, 2021Updated 4 years ago
- ☆418Apr 28, 2021Updated 4 years ago
- A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.☆297Aug 18, 2023Updated 2 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆500Jan 25, 2022Updated 4 years ago
- ☆155Aug 17, 2020Updated 5 years ago