outflanknl / edr-internals
Tools for analyzing EDR agents
☆228Updated 10 months ago
Alternatives and similar repositories for edr-internals:
Users that are interested in edr-internals are comparing it to the libraries listed below
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆311Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆187Updated 4 months ago
- kernel callback removal (Bypassing EDR Detections)☆161Updated last month
- A PowerShell console in C/C++ with all the security features disabled☆228Updated last month
- Slides & Code snippets for a workshop held @ x33fcon 2024☆257Updated 10 months ago
- Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-nat…☆164Updated last week
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆357Updated 4 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆261Updated 7 months ago
- ☆154Updated 4 months ago
- EDRSandblast-GodFault☆261Updated last year
- Windows Persistence IT-Security☆97Updated last month
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆237Updated 2 weeks ago
- A Mythic Agent written in PIC C.☆186Updated 2 months ago
- Find potential DLL Sideloads on your windows computer☆201Updated 3 months ago
- A set of programs for analyzing common vulnerabilities in COM☆210Updated 7 months ago
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime☆190Updated 3 weeks ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆198Updated 10 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆198Updated 4 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆335Updated 2 months ago
- ☆186Updated last year
- Windows rootkit designed to work with BYOVD exploits☆183Updated 3 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆205Updated 2 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆141Updated 9 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆303Updated 6 months ago
- Stage 0☆156Updated 4 months ago
- Open Source C&C Specification☆243Updated last month
- Port of Cobalt Strike's Process Inject Kit☆173Updated 4 months ago
- Kill AV/EDR leveraging BYOVD attack☆352Updated last year
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …☆161Updated 4 months ago
- Lateral Movement Using DCOM and DLL Hijacking☆290Updated last year