olafhartong / BamboozlEDRLinks
A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
☆254Updated 3 months ago
Alternatives and similar repositories for BamboozlEDR
Users that are interested in BamboozlEDR are comparing it to the libraries listed below
Sorting:
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆91Updated last year
- ☆161Updated 11 months ago
- Detect WFP filters blocking EDR communications☆96Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆208Updated last year
- Find potential DLL Sideloads on your windows computer☆216Updated 11 months ago
- Persist like a Dodder☆66Updated 7 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆100Updated 8 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆210Updated last year
- Easy to use, open-source infrastructure management platform, crafted specifically for red team engagements.☆107Updated 3 weeks ago
- ☆159Updated last year
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆139Updated last year
- Evade EDR's the simple way, by not touching any of the API's they hook.☆169Updated 11 months ago
- ☆229Updated 6 months ago
- Group Policy Objects manipulation and exploitation framework☆283Updated 3 weeks ago
- PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads☆233Updated 2 months ago
- Collect infrastructure and permissions data from vCenter and export it as a BloodHound‑compatible graph using Custom Nodes/Edges☆173Updated 4 months ago
- BloodHound PowerShell client☆75Updated 3 weeks ago
- A Mythic Agent written in PIC C.☆207Updated 10 months ago
- Adversary Emulation Framework☆128Updated 6 months ago
- ☆121Updated last year
- A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.☆164Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆214Updated last year
- C2 Infrastructure Automation☆115Updated 6 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆164Updated 5 months ago
- Advanced In-Memory PowerShell Process Injection Framework☆72Updated 5 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆212Updated last month
- ☆192Updated last year
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆418Updated 6 months ago
- Tool for viewing NTDS.dit☆190Updated 9 months ago
- ☆122Updated 4 years ago