iamagarre/BadExclusions external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

iamagarre/BadExclusions

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/iamagarre/BadExclusions)

Close

iamagarre / BadExclusionsView on GitHubMore

• External links
• Readme badge

BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR

☆21Feb 8, 2024Updated 2 years ago

Alternatives and similar repositories for BadExclusions

Users that are interested in BadExclusions are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• codewhitesec / daphne

  View on GitHub
  Proof-of-Concept to evade auditd by tampering via ptrace
  ☆19Aug 3, 2023Updated 2 years ago
• Pwnd4 / DefenseEvasion

  View on GitHub
  Bypassing AV, EDR, Application Whitelisting and ASR Rules
  ☆13Apr 18, 2023Updated 3 years ago
• iamagarre / BadExclusionsNWBO

  View on GitHub
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆76Feb 9, 2024Updated 2 years ago
• G0ldenGunSec / DayBird

  View on GitHub
  Extension functionality for the NightHawk operator client
  ☆27Nov 3, 2023Updated 2 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• jonny-jhnson / MSFT_DriverBlockList

  View on GitHub
  Repository of Microsoft Driver Block Lists based off of OS-builds
  ☆46Apr 14, 2024Updated 2 years ago
• hiatus / NtGate

  View on GitHub
  Transparently call NTAPI via Halo's Gate with indirect syscalls.
  ☆15Apr 26, 2024Updated 2 years ago
• vysecurity / Nemesis-Download-Watcher

  View on GitHub
  Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.
  ☆15Feb 29, 2024Updated 2 years ago
• NetSPI / silkwasm

  View on GitHub
  HTML Smuggling with Web Assembly
  ☆74Feb 20, 2024Updated 2 years ago
• Teach2Breach / noldr

  View on GitHub
  Dynamically resolve API function addresses at runtime in a secure manner.
  ☆72Nov 11, 2025Updated 6 months ago
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆30Dec 27, 2025Updated 4 months ago
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆163Jul 13, 2025Updated 10 months ago
• ZERODETECTION / Havoc_Demon_API_Hashing

  View on GitHub
  Rehashing APIs to prevent hash based detection
  ☆14Jan 7, 2025Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆155Nov 23, 2025Updated 6 months ago
• xrombar / flower

  View on GitHub
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆111Mar 25, 2024Updated 2 years ago
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated 2 years ago
• xuanxuan0 / TiEtwAgent

  View on GitHub
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆298Apr 10, 2021Updated 5 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆103Oct 7, 2023Updated 2 years ago
• fin3ss3g0d / HookFinder

  View on GitHub
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆46Jul 16, 2023Updated 2 years ago
• xpn / CloudInject

  View on GitHub
  ☆123Nov 21, 2024Updated last year
• rbmm / SDD2

  View on GitHub
  Self delete DLL (2)
  ☆14Feb 15, 2024Updated 2 years ago
• zimnyaa / inmembof.py

  View on GitHub
  A small example of loading BOFs in Python with pure reflection
  ☆19Jan 26, 2023Updated 3 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• 0xRedpoll / ludus_mythic_teamserver

  View on GitHub
  Ludus role for deploying a Mythic Teamserver onto Linux servers
  ☆23Mar 16, 2025Updated last year
• NotMedic / SocksLauncher

  View on GitHub
  ☆14Oct 25, 2019Updated 6 years ago
• 0xflux / ETW-Bypass-Rust

  View on GitHub
  Event Tracing for Windows EDR bypass in Rust (usermode)
  ☆40Jun 9, 2024Updated last year
• tccontre / Reg-Restore-Persistence-Mole

  View on GitHub
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆65Aug 23, 2023Updated 2 years ago
• Tylous / GraphRunner

  View on GitHub
  A Post-exploitation Toolset for Interacting with the Microsoft Graph API
  ☆15Nov 16, 2023Updated 2 years ago
• REDMED-X / InjectKit

  View on GitHub
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆109Jan 24, 2024Updated 2 years ago
• S3cur3Th1sSh1t / nim-strenc

  View on GitHub
  string encryption in Nim
  ☆19Jun 15, 2024Updated last year
• weaselsec / ClickOnce-AppDomain-Manager-Injection

  View on GitHub
  Click Once + App Domain
  ☆67Feb 23, 2026Updated 3 months ago
• redt1de / MaldevEDR

  View on GitHub
  EDR/AV Simulation for Malware Development
  ☆13Oct 21, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆87Jan 29, 2025Updated last year
• strozfriedberg / DUALITY

  View on GitHub
  ☆18Feb 29, 2024Updated 2 years ago
• Teach2Breach / rpeloader

  View on GitHub
  use python on windows with full submodule support without installation
  ☆30Jan 23, 2025Updated last year
• jojonas / SharpSAMDump

  View on GitHub
  SAM Dumping in C#
  ☆55Nov 27, 2025Updated 5 months ago
• Allevon412 / SyscallTempering

  View on GitHub
  ☆31Jul 26, 2024Updated last year
• Teach2Breach / schtask

  View on GitHub
  Rust implementation, creating a scheduled task programmatically with user logon trigger.
  ☆47Jun 10, 2025Updated 11 months ago
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago