dobin / RedEdr
Collect Windows telemetry for Maldev
☆57Updated this week
Related projects ⓘ
Alternatives and complementary repositories for RedEdr
- A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls☆104Updated 2 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆38Updated 4 months ago
- Malware?☆70Updated last month
- ☆81Updated 3 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated 2 months ago
- ☆106Updated last year
- ☆96Updated last year
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆127Updated 2 years ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆164Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆77Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 4 months ago
- ☆133Updated last year
- ☆59Updated 5 months ago
- A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code☆39Updated 2 months ago
- a stage1 DLL loader with sleep obfuscation☆32Updated last year
- Experiment on reproducing Obfuscate & Sleep☆139Updated 3 years ago
- A C++ PoC implementation for enumerating Windows Fibers directly from memory☆17Updated 6 months ago
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆32Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆38Updated 10 months ago
- ☆27Updated 3 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Find DLLs with RWX section☆75Updated last year
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆93Updated last year
- ☆76Updated 2 months ago
- Piece of code to detect and remove hooks in IAT☆58Updated 2 years ago
- Tool for playing with Windows Access Token manipulation.☆52Updated last year
- Next gen process injection technique☆42Updated 4 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆120Updated last year
- I have documented all of the AMSI patches that I learned till now☆68Updated last year
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆108Updated last year