outflanknl / edr-internals
Tools for analyzing EDR agents
☆221Updated 9 months ago
Alternatives and similar repositories for edr-internals:
Users that are interested in edr-internals are comparing it to the libraries listed below
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆308Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆192Updated 2 months ago
- ☆148Updated 3 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆182Updated 3 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆254Updated 8 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆256Updated 5 months ago
- A Mythic Agent written in PIC C.☆175Updated last month
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆298Updated 5 months ago
- ☆186Updated last year
- Find potential DLL Sideloads on your windows computer☆176Updated 2 months ago
- Collect Windows telemetry for Maldev☆312Updated last month
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆141Updated 7 months ago
- EDRSandblast-GodFault☆250Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆335Updated last month
- "Service-less" driver loading☆148Updated 3 months ago
- ☆296Updated 4 months ago
- ☆105Updated 8 months ago
- Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for secu…☆216Updated last year
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆195Updated 9 months ago
- Stage 0☆153Updated 2 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆231Updated 3 months ago
- Windows rootkit designed to work with BYOVD exploits☆168Updated last month
- Open Source C&C Specification☆239Updated last week
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆347Updated 3 months ago
- ☆103Updated 4 months ago
- ☆155Updated 9 months ago
- Evade EDR's the simple way, by not touching any of the API's they hook.☆87Updated last month
- Local & remote Windows DLL Proxying☆161Updated 8 months ago
- ☆189Updated 5 months ago