tkmru/awesome-edr-bypass external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

tkmru/awesome-edr-bypass

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/tkmru/awesome-edr-bypass)

Close

tkmru / awesome-edr-bypassView on GitHubMore

• External links
• Readme badge

Awesome EDR Bypass Resources For Ethical Hacking

☆1,517Jan 26, 2026Updated 2 months ago

Alternatives and similar repositories for awesome-edr-bypass

Users that are interested in awesome-edr-bypass are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Xacone / BestEdrOfTheMarket

  View on GitHub
  EDR Lab for Experimentation Purposes
  ☆1,427Mar 1, 2026Updated last month
• matro7sh / BypassAV

  View on GitHub
  This map lists the essential techniques to bypass anti-virus and EDR
  ☆3,186Mar 28, 2025Updated last year
• georgesotiriadis / Chimera

  View on GitHub
  Automated DLL Sideloading Tool With EDR Evasion Capabilities
  ☆506Dec 19, 2023Updated 2 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆791Jan 26, 2026Updated 2 months ago
• netero1010 / EDRSilencer

  View on GitHub
  A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …
  ☆1,849Nov 3, 2024Updated last year
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• ZeroMemoryEx / Terminator

  View on GitHub
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆1,050Jun 20, 2023Updated 2 years ago
• lsecqt / OffensiveCpp

  View on GitHub
  This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
  ☆762Jan 26, 2025Updated last year
• Helixo32 / CrimsonEDR

  View on GitHub
  Simulate the behavior of AV/EDR for malware development training.
  ☆565Feb 15, 2024Updated 2 years ago
• wavestone-cdt / EDRSandblast

  View on GitHub
  ☆1,803Aug 30, 2024Updated last year
• ZeroMemoryEx / Blackout

  View on GitHub
  kill anti-malware protected processes ( BYOVD )
  ☆971Jul 21, 2023Updated 2 years ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,197Oct 16, 2023Updated 2 years ago
• klezVirus / inceptor

  View on GitHub
  Template-Driven AV/EDR Evasion Framework
  ☆1,793Nov 3, 2023Updated 2 years ago
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆547Feb 13, 2024Updated 2 years ago
• klezVirus / SysWhispers3

  View on GitHub
  SysWhispers on Steroids - AV/EDR evasion via direct system calls.
  ☆1,616Jul 31, 2024Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆813Sep 4, 2024Updated last year
• optiv / Freeze.rs

  View on GitHub
  Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
  ☆721Aug 18, 2023Updated 2 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,011Jun 4, 2024Updated last year
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆463Aug 2, 2024Updated last year
• Dec0ne / HWSyscalls

  View on GitHub
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆722Jul 19, 2023Updated 2 years ago
• aahmad097 / AlternativeShellcodeExec

  View on GitHub
  Alternative Shellcode Execution Via Callbacks
  ☆1,708Nov 11, 2022Updated 3 years ago
• Helixo32 / NimBlackout

  View on GitHub
  Kill AV/EDR leveraging BYOVD attack
  ☆397Jul 11, 2023Updated 2 years ago
• helviojunior / hookchain

  View on GitHub
  HookChain: A new perspective for Bypassing EDR Solutions
  ☆596Jan 5, 2025Updated last year
• gatariee / gocheck

  View on GitHub
  Because AV evasion should be easy.
  ☆862Nov 28, 2024Updated last year
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆413Jan 11, 2026Updated 3 months ago
• zer0condition / mhydeath

  View on GitHub
  Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
  ☆411Mar 16, 2026Updated last month
• SafeBreach-Labs / PoolParty

  View on GitHub
  A set of fully-undetectable process injection techniques abusing Windows Thread Pools
  ☆1,256Dec 11, 2023Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆376Apr 19, 2023Updated 3 years ago
• matthieu-hackwitharts / Win32_Offensive_Cheatsheet

  View on GitHub
  Win32 and Kernel abusing techniques for pentesters
  ☆977Sep 3, 2023Updated 2 years ago
• 0xHossam / Killer

  View on GitHub
  Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group.
  ☆836Jul 2, 2024Updated last year
• optiv / Freeze

  View on GitHub
  Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
  ☆1,472Aug 18, 2023Updated 2 years ago
• S3cur3Th1sSh1t / Caro-Kann

  View on GitHub
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆409Sep 12, 2023Updated 2 years ago
• fortra / nanodump

  View on GitHub
  The swiss army knife of LSASS dumping
  ☆2,088Sep 17, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,317Dec 7, 2023Updated 2 years ago
• brosck / Awesome-AV-EDR-XDR-Bypass

  View on GitHub
  Awesome AV/EDR/XDR Bypass Tips
  ☆287Apr 23, 2023Updated 2 years ago
• senzee1984 / Amsi_Bypass_In_2023

  View on GitHub
  Amsi Bypass payload that works on Windwos 11
  ☆380Jul 30, 2023Updated 2 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,376Oct 27, 2023Updated 2 years ago
• icyguider / Shhhloader

  View on GitHub
  Syscall Shellcode Loader (Work in Progress)
  ☆1,259May 8, 2024Updated last year
• trickster0 / TartarusGate

  View on GitHub
  TartarusGate, Bypassing EDRs
  ☆661Jan 25, 2022Updated 4 years ago
• icyguider / LatLoader

  View on GitHub
  PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  ☆311Dec 9, 2023Updated 2 years ago