roadwy / DefenderYara

Related projects ⓘ

Alternatives and complementary repositories for DefenderYara

• thefLink / Hunt-Sleeping-Beacons
  Aims to identify sleeping beacons
  ☆489Updated 5 months ago
• jsecurity101 / MSRPC-to-ATTACK
  A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
  ☆311Updated last year
• senzee1984 / EDRPrison
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆287Updated 3 months ago
• Dec0ne / DllNotificationInjection
  A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…
  ☆434Updated last year
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆194Updated last year
• thefLink / Hunt-Weird-Syscalls
  ETW based POC to identify direct and indirect syscalls
  ☆173Updated last year
• trickster0 / TartarusGate
  TartarusGate, Bypassing EDRs
  ☆533Updated 2 years ago
• fox-it / dissect.cobaltstrike
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆147Updated last month
• jsecurity101 / TelemetrySource
  ☆222Updated 6 months ago
• Cobalt-Strike / CallStackMasker
  A PoC implementation for dynamically masking call stacks with timers.
  ☆250Updated last year
• gabriellandau / EDRSandblast-GodFault
  EDRSandblast-GodFault
  ☆240Updated last year
• MalwareTech / EDR-Preloader
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆454Updated 9 months ago
• NVISOsecurity / CobaltWhispers
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆227Updated last year
• pathtofile / Sealighter
  Sysmon-Like research tool for ETW
  ☆336Updated 2 years ago
• huntandhackett / concealed_code_execution
  Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows
  ☆199Updated 2 years ago
• gabriellandau / PPLFault
  ☆506Updated 8 months ago
• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆301Updated last year
• securifybv / Visual-Studio-BOF-template
  A Visual Studio template used to create Cobalt Strike BOFs
  ☆282Updated 3 years ago
• senzee1984 / MutationGate
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆234Updated 7 months ago
• strozfriedberg / cobaltstrike-config-extractor
  Cobalt Strike Beacon configuration extractor and parser.
  ☆145Updated 3 years ago
• boku7 / AsmHalosGate
  x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
  ☆193Updated last year
• capt-meelo / laZzzy
  laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.
  ☆461Updated last year
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆325Updated 5 months ago
• 0xEr3bus / PoolPartyBof
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆324Updated 11 months ago
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆209Updated 5 months ago
• Bw3ll / ShellWasp
  ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…
  ☆160Updated last year
• waldo-irc / YouMayPasser
  You shall pass
  ☆249Updated 2 years ago
• DamonMohammadbagher / ETWProcessMon2
  ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…
  ☆292Updated 8 months ago
• f1zm0 / acheron
  indirect syscalls for AV/EDR evasion in Go assembly
  ☆307Updated last year