cbecks2 / edr-artifacts
This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
☆76Updated 6 months ago
Alternatives and similar repositories for edr-artifacts:
Users that are interested in edr-artifacts are comparing it to the libraries listed below
- Two in one, patch lifetime powershell console, no more etw and amsi!☆84Updated 8 months ago
- ☆80Updated 4 months ago
- Microsoft Graph API post-exploitation toolkit☆94Updated 8 months ago
- ☆37Updated 11 months ago
- Invoke-AtomicAssessment is a powerful tool designed to facilitate adversary emulation by leveraging Atomic Red Team.☆36Updated 2 months ago
- a tiny program to consume from ETW providers for research☆46Updated 2 months ago
- Detect WFP filters blocking EDR communications☆85Updated last year
- ☆46Updated last year
- Living Off the Foreign Land setup scripts☆65Updated 3 weeks ago
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…☆111Updated 10 months ago
- Simple EDR that injects a DLL into a process to place a hook on specific Windows API☆90Updated last year
- Yara Rules for Modern Malware☆73Updated last year
- Tool to extract username and password of current user from PanGPA in plaintext☆83Updated 3 months ago
- BloodHound PowerShell client☆51Updated last week
- Living off the land searches for explorer and sharepoint☆57Updated 4 months ago
- ☆115Updated 3 years ago
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆51Updated 10 months ago
- Example code samples from our ScriptBlock Smuggling Blog post☆90Updated 9 months ago
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.☆14Updated 2 months ago
- ☆146Updated last month
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆137Updated 7 months ago
- ☆114Updated last year
- Hybrid AD utilities for ROADtools☆72Updated last month
- Lifetime AMSI bypass.☆35Updated 8 months ago
- A Nemesis powered Retrieval-Augmented Generation (RAG) chatbot proof-of-concept.☆60Updated last year
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆159Updated 3 months ago
- Deploy a phishing infrastructure on the fly.☆68Updated 3 months ago