Alternatives and similar repositories for vEDR

Users that are interested in vEDR are comparing it to the libraries listed below

• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆76Updated last month
• keowu / InstrumentationCallbackToolKit
  A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…
  ☆31Updated last year
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Updated 3 years ago
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆79Updated 2 years ago
• redt1de / MaldevEDR
  EDR/AV Simulation for Malware Development
  ☆13Updated last year
• benheise / TitanLdr
  Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
  ☆48Updated 3 years ago
• 0xMegaByte / COM-Explained
  ☆25Updated 2 years ago
• t-tani / defender2yara
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆78Updated this week
• jdu2600 / API-To-ETW
  Uses ghidra to find all ETW write metadata for each API in a PE file
  ☆19Updated 10 months ago
• AlionGreen / apc-injection
  Process Injection: APC Injection
  ☆32Updated 4 years ago
• C5Hackr / c_syscalls
  https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.
  ☆31Updated 11 months ago
• rbmm / RtlClone
  ☆40Updated 3 months ago
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆47Updated last year
• rad9800 / RansomFS
  ☆31Updated 3 months ago
• listinvest / undonut
  Unpacker for donut shellcode
  ☆17Updated 4 years ago
• 7eRoM / elam
  A Practical example of ELAM (Early Launch Anti-Malware)
  ☆33Updated 3 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• scrt / KexecDDPlus
  Exploiting the KsecDD Windows driver through Server Silos
  ☆71Updated 6 months ago
• t0-retooling / defender-recon24
  ☆52Updated 7 months ago
• rad9800 / VehApiResolve
  ☆113Updated 2 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆90Updated 11 months ago
• nccgroup / mimikatz-detector-condrv
  The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …
  ☆39Updated 2 years ago
• RedTeamOperations / VEH-PoC
  ☆115Updated 2 years ago
• susMdT / effective-waffle
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69Updated 2 years ago
• rbmm / LdrpKernel32DllName
  ☆84Updated last year
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆16Updated 11 months ago
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆68Updated 3 years ago
• Hagrid29 / herpaderply_hollowing
  Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
  ☆56Updated 2 years ago
• Cracked5pider / unguard-eat
  havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets
  ☆30Updated 10 months ago
• jdu2600 / Get-InjectedThreadEx
  Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
  ☆41Updated last year