wavestone-cdt / EDRSandblast
☆1,457Updated 2 weeks ago
Related projects: ⓘ
- ☆1,980Updated last year
- LSASS memory dumper using direct system calls and API unhooking.☆1,469Updated 3 years ago
- The swiss army knife of LSASS dumping☆1,738Updated 2 weeks ago
- A tool to kill antimalware protected processes☆1,370Updated 3 years ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆1,009Updated 3 months ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls.☆1,261Updated last month
- Template-Driven AV/EDR Evasion Framework☆1,573Updated 10 months ago
- Spartacus DLL/COM Hijacking Toolkit☆976Updated 7 months ago
- ☆718Updated 11 months ago
- Open-Source Shellcode & PE Packer☆1,812Updated 7 months ago
- Living Off The Land Drivers☆983Updated last week
- Alternative Shellcode Execution Via Callbacks☆1,409Updated last year
- A modern 64-bit position independent implant template☆1,000Updated 4 months ago
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …☆1,066Updated 2 months ago
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,137Updated 11 months ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,241Updated 9 months ago
- A set of fully-undetectable process injection techniques abusing Windows Thread Pools☆910Updated 9 months ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,094Updated 3 years ago
- Situational Awareness commands implemented using Beacon Object Files☆1,222Updated last week
- Project for tracking publicly disclosed DLL Hijacking opportunities.☆651Updated last week
- Some notes and examples for cobalt strike's functionality☆969Updated 2 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes☆905Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆658Updated 6 months ago
- AV/EDR evasion via direct system calls.☆1,518Updated 2 years ago
- The Hunt for Malicious Strings☆1,048Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆865Updated 3 months ago
- Little user-mode AV/EDR evasion lab for training & learning purposes☆976Updated 4 months ago
- ☆558Updated 2 months ago
- PoCs and tools for investigation of Windows process execution techniques☆868Updated 3 months ago
- AV/EDR evasion via direct system calls.☆1,772Updated last year