senzee1984 / EDRPrison
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
☆379Updated 6 months ago
Alternatives and similar repositories for EDRPrison:
Users that are interested in EDRPrison are comparing it to the libraries listed below
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆516Updated last month
- Simulate the behavior of AV/EDR for malware development training.☆460Updated last year
- Kill AV/EDR leveraging BYOVD attack☆336Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆287Updated 10 months ago
- Use hardware breakpoint to dynamically change SSN in run-time☆246Updated 10 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆421Updated last week
- A beacon object file implementation of PoolParty Process Injection Technique.☆367Updated last year
- ☆343Updated 2 months ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆559Updated 6 months ago
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.☆383Updated 7 months ago
- A list of python tools to help create an OPSEC-safe Cobalt Strike profile.☆398Updated 11 months ago
- Bypassing UAC with SSPI Datagram Contexts☆427Updated last year
- Terminate AV/EDR Processes using kernel driver☆339Updated last year
- shellcode loader for your evasion needs☆311Updated 3 months ago
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆274Updated 8 months ago
- Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists☆412Updated last year
- A BOF that runs unmanaged PEs inline☆572Updated 3 months ago
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆431Updated last week
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆291Updated 4 months ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver☆256Updated last week
- Collection of UAC Bypass Techniques Weaponized as BOFs☆452Updated 11 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆342Updated 2 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆475Updated last year
- Open Source C&C Specification☆232Updated this week
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆269Updated 8 months ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆444Updated 7 months ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.☆386Updated 8 months ago
- Credential Guard Bypass Via Patching Wdigest Memory☆314Updated 2 years ago
- Protected Process Dumper Tool☆529Updated last year
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆390Updated last year