☆62Apr 4, 2024Updated last year
Alternatives and similar repositories for AV_EDR_EPP_Notes
Users that are interested in AV_EDR_EPP_Notes are comparing it to the libraries listed below
Sorting:
- ☆15Jul 13, 2024Updated last year
- CobaltStrike4.5 Sleeve解密文件,搬砖加一点点修改, 仅作备份使用.☆34Jun 17, 2022Updated 3 years ago
- A simple Sleepmask BOF example☆168Nov 24, 2025Updated 3 months ago
- ☆24Dec 18, 2022Updated 3 years ago
- Rex Shellcode Loader for AV/EDR evasion☆35Apr 7, 2024Updated last year
- beta☆120Sep 24, 2024Updated last year
- Awesome MalDev Links☆39Updated this week
- Use hardware breakpoint to dynamically change SSN in run-time☆279Apr 10, 2024Updated last year
- Folder Or File Delete to Get System Shell on Current Session Desktop☆47Jan 14, 2025Updated last year
- Help red teams find opsec processes during engagements☆42Dec 7, 2024Updated last year
- ☆44Oct 9, 2023Updated 2 years ago
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …☆19Mar 6, 2025Updated 11 months ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆202Jun 6, 2024Updated last year
- Process injection alternative☆406Sep 6, 2024Updated last year
- The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23☆23Jun 19, 2025Updated 8 months ago
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution☆51Apr 22, 2024Updated last year
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/☆210Jan 29, 2023Updated 3 years ago
- A simple BOF that frees UDRLs☆122May 29, 2022Updated 3 years ago
- CPP AV/EDR Killer☆480Nov 28, 2023Updated 2 years ago
- Power Automate C2 (PAC2) : Stealth living-off-the-cloud C2 framework.☆36Apr 16, 2024Updated last year
- A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.☆67Feb 11, 2025Updated last year
- Locate dlls and function addresses without PEB Walk and EAT parsing☆104Nov 7, 2025Updated 3 months ago
- A process injection technique using only thread context manipulation☆41Dec 18, 2023Updated 2 years ago
- Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"☆146Aug 15, 2024Updated last year
- Cobalt Strike UDRL for memory scanner evasion.☆1,006Jun 4, 2024Updated last year
- Scripts I use to deploy Havoc on Linode and setup categorization and SSL☆41May 31, 2024Updated last year
- Blog/Journal on how to backdoor VSCode extensions☆76Updated this week
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆41Jul 9, 2023Updated 2 years ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆427Feb 11, 2024Updated 2 years ago
- ☆152Oct 2, 2023Updated 2 years ago
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)☆144Mar 16, 2024Updated last year
- Generic PE loader for fast prototyping evasion techniques☆244Jul 2, 2024Updated last year
- Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode☆201May 28, 2024Updated last year
- Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.☆62Feb 25, 2025Updated last year
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆200May 29, 2025Updated 9 months ago
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…☆118May 2, 2024Updated last year
- Lateral Movement via the .NET Profiler☆100Nov 21, 2024Updated last year