trickster0 / EDR_DetectorLinks
EDR Detector that can find what kind of endpoint solution is being used according to drivers in the system.
โ95Updated 3 years ago
Alternatives and similar repositories for EDR_Detector
Users that are interested in EDR_Detector are comparing it to the libraries listed below
Sorting:
- Executables on Disk? Bleh ๐คฎโ101Updated 2 years ago
- Just some Rust process injector POCs, nothing weird.โ81Updated 3 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projectsโ147Updated 3 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memoryโ158Updated 4 years ago
- Command & Control server and agent written in Rustโ35Updated 2 years ago
- AV/EDR evasion via direct system calls.โ108Updated last year
- โ147Updated 2 years ago
- POC tools for exploring SMB over QUIC protocolโ128Updated 3 years ago
- โ88Updated 3 years ago
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX sectionโ106Updated 2 years ago
- DLL Hijack Search Order Enumeration BOFโ151Updated 3 years ago
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally โฆโ88Updated 2 years ago
- WIP shellcode loader in nim with EDR evasion techniquesโ220Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDRโ103Updated 4 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platformsโ130Updated 2 years ago
- Kerberos protocol attackerโ137Updated 4 years ago
- DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking)โ66Updated 2 years ago
- Convert shellcode generated using pe_2_shellcode to cdb format.โ99Updated 3 years ago
- โ70Updated 3 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog postโ101Updated 2 years ago
- Automated compiler obfuscation for nimโ139Updated 3 years ago
- Exploring in-memory execution of .NETโ139Updated 3 years ago
- Windows MSI Installer LPE (CVE-2021-43883)โ78Updated 3 years ago
- Weaponizing for privileged file writes bugs with PrintNotify Serviceโ134Updated 3 years ago
- ๐พDogwalk PoC (using diagcab file to obtain RCE on windows)โ80Updated 3 years ago
- NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programsโ96Updated 3 years ago
- โ113Updated 3 years ago
- Shellcode loader designed for evasion. Coded in Rust.โ132Updated 2 years ago
- Reuse open handles to dynamically dump LSASS.โ246Updated last year
- Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.โ149Updated 2 years ago