roadwy / DefenderYaraLinks
Extracted Yara rules from Windows Defender mpavbase and mpasbase
☆425Updated last month
Alternatives and similar repositories for DefenderYara
Users that are interested in DefenderYara are comparing it to the libraries listed below
Sorting:
- Aims to identify sleeping beacons☆596Updated 5 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆329Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆939Updated last year
- CPP AV/EDR Killer☆414Updated last year
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆416Updated 10 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆499Updated last year
- ☆368Updated 5 months ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆607Updated 2 weeks ago
- Simulate the behavior of AV/EDR for malware development training.☆528Updated last year
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.☆409Updated 10 months ago
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.☆479Updated 2 years ago
- Collect Windows telemetry for Maldev☆352Updated 3 months ago
- TartarusGate, Bypassing EDRs☆585Updated 3 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆558Updated 5 months ago
- AV/EDR Lab environment setup references to help in Malware development☆385Updated 3 months ago
- ☆542Updated last year
- Kill AV/EDR leveraging BYOVD attack☆359Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆394Updated last year
- A BOF that runs unmanaged PEs inline☆603Updated 7 months ago
- ☆247Updated last year
- A list of python tools to help create an OPSEC-safe Cobalt Strike profile.☆440Updated 2 weeks ago
- Bypassing UAC with SSPI Datagram Contexts☆439Updated last year
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆671Updated last year
- Protected Process Dumper Tool☆549Updated last year
- Creating a repository with all public Beacon Object Files (BoFs)☆502Updated last year
- ☆541Updated 2 months ago
- Cobalt Strike HTTPS beaconing over Microsoft Graph API☆599Updated 11 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆311Updated last year
- Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-nat…☆172Updated last month
- Some POCs for my BYOVD research and find some vulnerable drivers☆217Updated last week