outflanknl / edr-internalsLinks
Tools for analyzing EDR agents
☆274Updated last year
Alternatives and similar repositories for edr-internals
Users that are interested in edr-internals are comparing it to the libraries listed below
Sorting:
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆319Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆277Updated last year
- Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f…☆323Updated 2 months ago
- ☆105Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆208Updated last year
- ☆159Updated last year
- EDRSandblast-GodFault☆270Updated 2 years ago
- ☆192Updated last year
- ☆121Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024☆275Updated last year
- A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.☆254Updated 3 months ago
- A set of programs for analyzing common vulnerabilities in COM☆244Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆194Updated last year
- Windows rootkit designed to work with BYOVD exploits☆211Updated 11 months ago
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.☆105Updated last year
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆335Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆362Updated 10 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆139Updated last year
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce…☆153Updated 4 months ago
- kernel callback removal (Bypassing EDR Detections)☆206Updated last month
- A Mythic Agent written in PIC C.☆207Updated 10 months ago
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime☆202Updated 9 months ago
- Detect WFP filters blocking EDR communications☆96Updated last year
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆171Updated 2 years ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆164Updated 5 months ago
- Local & remote Windows DLL Proxying☆169Updated last year
- ☆302Updated last year
- Open Source C&C Specification☆277Updated 10 months ago
- Windows Persistence IT-Security☆108Updated 9 months ago
- early cascade injection PoC based on Outflanks blog post☆235Updated last year