cpu0x00 / EternelSuspention
a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
☆38Updated 7 months ago
Alternatives and similar repositories for EternelSuspention:
Users that are interested in EternelSuspention are comparing it to the libraries listed below
- ☆47Updated last year
- Click Once + App Domain☆62Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆39Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆39Updated last year
- A pure C version of SymProcAddress☆25Updated 10 months ago
- Rewrite to fit my needs☆27Updated 6 months ago
- ☆28Updated 5 months ago
- macOS dylib stager☆31Updated 3 weeks ago
- ☆58Updated last year
- A care package of useful bofs for red team engagments☆54Updated 2 months ago
- Python3 rewrite of AsOutsider features of AADInternals☆39Updated last month
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆68Updated 9 months ago
- Section-based payload obfuscation technique for x64☆59Updated 6 months ago
- Bunch of BOF files☆27Updated last month
- Determine if the WebClient Service (WebDAV) is running on a remote system☆18Updated 11 months ago
- ☆52Updated 3 months ago
- Sniffing files generator☆51Updated 2 months ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆31Updated 8 months ago
- BOF for C2 framework☆39Updated 3 months ago
- in-process powershell runner for BRC4☆44Updated last year
- ☆17Updated last month
- ☆28Updated 8 months ago
- Just another ntdll unhooking using Parun's Fart technique☆73Updated 2 years ago
- Python module for running BOFs☆66Updated last year
- Run Cobalt Strike BOFs in Brute Ratel C4!☆61Updated last month