dobin / RedEdr
Collect Windows telemetry for Maldev
☆266Updated last week
Alternatives and similar repositories for RedEdr:
Users that are interested in RedEdr are comparing it to the libraries listed below
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆330Updated 7 months ago
- EDRSandblast-GodFault☆243Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆215Updated 4 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆233Updated 5 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆321Updated 5 months ago
- Exploitation of process killer drivers☆194Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆211Updated last month
- Slides & Code snippets for a workshop held @ x33fcon 2024☆249Updated 7 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆179Updated last year
- A Mythic Agent written in PIC C.☆166Updated last week
- Sleep obfuscation☆199Updated last month
- ☆249Updated 11 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆318Updated last month
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆170Updated 11 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆303Updated last year
- Open Source C&C Specification☆222Updated 3 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆153Updated 7 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆203Updated 2 months ago
- early cascade injection PoC based on Outflanks blog post☆192Updated 2 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆284Updated 3 months ago
- Generic PE loader for fast prototyping evasion techniques☆189Updated 6 months ago
- Remote Shellcode Injector☆207Updated last year
- Some POCs for my BYOVD research and find some vulnerable drivers☆154Updated 4 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆157Updated last month
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆288Updated last year
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆169Updated 3 months ago
- Hide your P/Invoke signatures through other people's signed assemblies☆202Updated 10 months ago
- Lateral Movement Using DCOM and DLL Hijacking☆282Updated last year
- ☆226Updated 2 years ago