cbecks2 / edr-artifacts
This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
☆76Updated 6 months ago
Alternatives and similar repositories for edr-artifacts:
Users that are interested in edr-artifacts are comparing it to the libraries listed below
- Microsoft Graph API post-exploitation toolkit☆93Updated 8 months ago
- Living Off the Foreign Land setup scripts☆65Updated 2 weeks ago
- ☆80Updated 3 months ago
- ☆37Updated 11 months ago
- Tool to extract username and password of current user from PanGPA in plaintext☆82Updated 2 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆83Updated 8 months ago
- Detect WFP filters blocking EDR communications☆85Updated last year
- Utilities for obfuscating shellcode☆54Updated 8 months ago
- a tiny program to consume from ETW providers for research☆46Updated 2 months ago
- Living off the land searches for explorer and sharepoint☆57Updated 4 months ago
- Invoke-AtomicAssessment is a powerful tool designed to facilitate adversary emulation by leveraging Atomic Red Team.☆35Updated last month
- Yara Rules for Modern Malware☆73Updated last year
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…☆111Updated 10 months ago
- ☆145Updated last month
- ☆48Updated 4 months ago
- Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"☆135Updated 6 months ago
- ☆115Updated 3 years ago
- Adversary Emulation Framework☆91Updated 7 months ago
- ☆46Updated last year
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆135Updated 7 months ago
- Example code samples from our ScriptBlock Smuggling Blog post☆89Updated 8 months ago
- Lifetime AMSI bypass.☆35Updated 8 months ago
- Simple EDR that injects a DLL into a process to place a hook on specific Windows API☆90Updated last year
- A Python POC for CRED1 over SOCKS5☆140Updated 5 months ago
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆81Updated 10 months ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆159Updated 3 months ago