Project to check which Nt/Zw functions your local EDR is hooking
☆202Mar 21, 2021Updated 5 years ago
Alternatives and similar repositories for Probatorum-EDR-Userland-Hook-Checker
Users that are interested in Probatorum-EDR-Userland-Hook-Checker are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆125Mar 25, 2022Updated 4 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆349Jul 3, 2022Updated 4 years ago
- Silence EDRs by removing kernel callbacks☆238Dec 7, 2020Updated 5 years ago
- AMSI Bypass Via the Heap☆107Nov 20, 2020Updated 5 years ago
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…☆271Mar 18, 2021Updated 5 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- New UAC bypass for Silent Cleanup for CobaltStrike☆191Jul 14, 2021Updated 4 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆246Jul 14, 2021Updated 4 years ago
- Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.☆188Feb 11, 2021Updated 5 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆274May 3, 2023Updated 3 years ago
- Remove API hooks from a Beacon process.☆284Sep 18, 2021Updated 4 years ago
- Security product hook detection☆326Mar 30, 2021Updated 5 years ago
- Evasive Process Hollowing Techniques☆143Aug 16, 2020Updated 5 years ago
- Evading WinDefender ATP credential-theft☆256Dec 2, 2019Updated 6 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆599Jul 26, 2021Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- ☆100Aug 23, 2021Updated 4 years ago
- My CobaltStrike BOFS☆167Jul 23, 2022Updated 3 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆835Aug 23, 2021Updated 4 years ago
- ☆51Sep 18, 2020Updated 5 years ago
- Managed code hooking template.☆134Nov 19, 2021Updated 4 years ago
- D/Invoke port of UrbanBishop☆30Dec 13, 2020Updated 5 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)☆320Nov 9, 2021Updated 4 years ago
- Dump the memory of a PPL with a userland exploit☆891Jul 24, 2022Updated 3 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Enumerate and disable common sources of telemetry used by AV/EDR.☆853Mar 11, 2021Updated 5 years ago
- C++ function that will automagically unhook a specified Windows API☆63Oct 14, 2020Updated 5 years ago
- Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)☆426Apr 22, 2021Updated 5 years ago
- Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind☆491Jul 12, 2023Updated 2 years ago
- A shellcode function to encrypt a running process image when sleeping.☆340Sep 11, 2021Updated 4 years ago
- ☆642Jul 21, 2025Updated 11 months ago
- POCs for Shellcode Injection via Callbacks☆416Feb 23, 2021Updated 5 years ago
- Command line interface to dump LSASS memory to disk via SilentProcessExit☆457Dec 23, 2020Updated 5 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 6 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Example code for using named pipe output with beacon ReflectiveDLLs☆122Jun 24, 2020Updated 6 years ago
- A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.☆296Aug 18, 2023Updated 2 years ago
- ☆2,192Apr 3, 2026Updated 3 months ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆257Dec 2, 2021Updated 4 years ago
- ☆112Jul 24, 2023Updated 2 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆783Sep 4, 2024Updated last year
- ☆154Aug 17, 2020Updated 5 years ago