outflanknl / edr-internals
Tools for analyzing EDR agents
☆230 · Updated last year
Alternatives and similar repositories for edr-internals
Users that are interested in edr-internals are comparing it to the libraries listed below
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆314 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆265 · Updated 9 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆260 · Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆205 · Updated 6 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆188 · Updated 6 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆348 · Updated 4 months ago
- EDRSandblast-GodFault ☆266 · Updated last year
- ☆189 · Updated last year
- ☆155 · Updated 6 months ago
- Open Source C&C Specification ☆260 · Updated 3 months ago
- Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-nat… ☆179 · Updated 2 months ago
- ☆300 · Updated 7 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp… ☆314 · Updated 8 months ago
- kernel callback removal (Bypassing EDR Detections) ☆177 · Updated 3 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆201 · Updated last year
- Lateral Movement Using DCOM and DLL Hijacking ☆294 · Updated 2 years ago
- Windows rootkit designed to work with BYOVD exploits ☆200 · Updated 5 months ago
- Find potential DLL Sideloads on your windows computer ☆208 · Updated 5 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆215 · Updated 9 months ago
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and … ☆166 · Updated 2 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆140 · Updated 11 months ago
- Apply a divide and conquer approach to bypass EDRs ☆280 · Updated last year
- Stage 0 ☆161 · Updated 6 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆193 · Updated 2 years ago
- ☆199 · Updated 2 weeks ago
- SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. ☆214 · Updated last month
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆242 · Updated 2 months ago
- Exploitation of process killer drivers ☆201 · Updated last year
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime ☆196 · Updated 3 months ago
- Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for secu… ☆231 · Updated last year