☆63Apr 4, 2024Updated last year
Alternatives and similar repositories for AV_EDR_EPP_Notes
Users that are interested in AV_EDR_EPP_Notes are comparing it to the libraries listed below
Sorting:
- ☆15Jul 13, 2024Updated last year
- CobaltStrike4.5 Sleeve解密文件,搬砖加一点点修改, 仅作备份使用.☆34Jun 17, 2022Updated 3 years ago
- ☆24Dec 18, 2022Updated 3 years ago
- Help red teams find opsec processes during engagements☆42Dec 7, 2024Updated last year
- ☆44Oct 9, 2023Updated 2 years ago
- ☆12Feb 28, 2023Updated 3 years ago
- 小玩具,用来快速检测银狐家族恶意程序,和部分RAT/C2产品☆68Jan 7, 2025Updated last year
- A simple Sleepmask BOF example☆171Nov 24, 2025Updated 3 months ago
- beta☆119Sep 24, 2024Updated last year
- ☆102Sep 14, 2022Updated 3 years ago
- Rex Shellcode Loader for AV/EDR evasion☆35Apr 7, 2024Updated last year
- Use hardware breakpoint to dynamically change SSN in run-time☆280Apr 10, 2024Updated last year
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution☆51Apr 22, 2024Updated last year
- Process injection alternative☆407Sep 6, 2024Updated last year
- ☆22Dec 16, 2023Updated 2 years ago
- CPP AV/EDR Killer☆480Nov 28, 2023Updated 2 years ago
- Folder Or File Delete to Get System Shell on Current Session Desktop☆47Jan 14, 2025Updated last year
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- Bypassing AV, EDR, Application Whitelisting and ASR Rules☆13Apr 18, 2023Updated 2 years ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆426Feb 11, 2024Updated 2 years ago
- A process injection technique using only thread context manipulation☆41Dec 18, 2023Updated 2 years ago
- A little tool to play with the Seclogon service☆326Jul 10, 2022Updated 3 years ago
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/☆210Jan 29, 2023Updated 3 years ago
- Detect Beacon Powerful (Include CobatStrike 4.10 Aha~)☆21Oct 18, 2024Updated last year
- 一个demo☆23Apr 2, 2024Updated last year
- A simple BOF that frees UDRLs☆122May 29, 2022Updated 3 years ago
- Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode☆203May 28, 2024Updated last year
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)☆144Mar 16, 2024Updated 2 years ago
- 重构Beacon☆165Aug 19, 2024Updated last year
- some AV / EDR / analysis studies☆10May 21, 2023Updated 2 years ago
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆199May 29, 2025Updated 9 months ago
- Golang 写的免杀框架,通过系统调用等手法bypass AV/EDR☆23Jul 11, 2024Updated last year
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …☆19Mar 6, 2025Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆326Apr 12, 2024Updated last year
- An example reference design for a proposed BOF PE☆204Jan 23, 2026Updated last month
- Cobalt Strike UDRL for memory scanner evasion.☆1,008Jun 4, 2024Updated last year
- open source port/reimplementation of the Cobalt Strike BOF Loader as is☆69Mar 8, 2026Updated last week