This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
☆92Aug 30, 2024Updated last year
Alternatives and similar repositories for edr-artifacts
Users that are interested in edr-artifacts are comparing it to the libraries listed below
Sorting:
- CaptainCredz is a modular and discreet password-spraying tool.☆134Jul 22, 2025Updated 7 months ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆59Apr 1, 2022Updated 3 years ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆458Aug 2, 2024Updated last year
- An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.☆21Dec 15, 2024Updated last year
- ☆101Oct 7, 2023Updated 2 years ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…☆323Oct 12, 2025Updated 4 months ago
- A Canary which fires when uninstalled☆34Mar 16, 2021Updated 4 years ago
- Linux Sleep Obfuscation☆112Jan 7, 2024Updated 2 years ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆209Dec 25, 2024Updated last year
- Local & remote Windows DLL Proxying☆169Jun 17, 2024Updated last year
- Windows Administrator level Implant.☆50Sep 28, 2024Updated last year
- ☆285Aug 14, 2025Updated 6 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆169May 30, 2024Updated last year
- Microsoft Graph API post-exploitation toolkit☆95Jul 13, 2024Updated last year
- SMB Audit Tool you were looking for☆24Jun 16, 2023Updated 2 years ago
- Comprehensive Windows Syscall Extraction & Analysis Framework☆162Aug 30, 2025Updated 6 months ago
- ☆261May 9, 2024Updated last year
- ☆100Sep 1, 2024Updated last year
- Tools for analyzing EDR agents☆277Jun 10, 2024Updated last year
- miscellaneous codes☆36Sep 24, 2023Updated 2 years ago
- single-threaded event driven sleep obfuscation poc for linux☆38Jun 14, 2025Updated 8 months ago
- A PowerShell script to prevent Sysmon from writing its events☆16Apr 23, 2020Updated 5 years ago
- Blog/Journal on how to backdoor VSCode extensions☆76Feb 24, 2026Updated last week
- A havoc UI python module to help in reporting and vulnerabilities to exploit on an internal network.☆14Oct 31, 2023Updated 2 years ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- yaa - yaml search for humans☆12Dec 8, 2025Updated 2 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆63Dec 25, 2025Updated 2 months ago
- ☆23Nov 13, 2021Updated 4 years ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆592Jun 12, 2024Updated last year
- In-memory hiding technique☆63Jan 5, 2025Updated last year
- Abusing Azure services over C2☆367Jan 20, 2026Updated last month
- ☆18Feb 29, 2024Updated 2 years ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆204Dec 27, 2023Updated 2 years ago
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 9 months ago
- Simulate the behavior of AV/EDR for malware development training.☆562Feb 15, 2024Updated 2 years ago
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…☆181May 27, 2025Updated 9 months ago
- A python port of CCob's ThreadlessInject☆25Mar 18, 2023Updated 2 years ago
- A project created with an aim to emulate and test exfiltration of data over different network protocols.☆31Mar 21, 2023Updated 2 years ago
- This code silently installs Chrome extensions on Mac, Windows, and Linux☆129Jul 22, 2025Updated 7 months ago