bigbrobro's starred repositories
awesome-linux-attack-forensics-purplelabs
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
WatchAD2.0
WatchAD2.0 is a log analysis and monitoring system for domain threats.
PoolPartyBof
A beacon object file implementation of PoolParty Process Injection Technique.
SharpGhostTask
A C# port from Invoke-GhostTask
SignToolEx
Patching "signtool.exe" to accept expired certificates for code-signing.
EDRNoiseMaker
Detect WFP filters blocking EDR communications
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
BestEdrOfTheMarket
Little user-mode AV/EDR evasion lab for training & learning purposes
Huorong-ATP-Rules
A set of custom rules that enhance the Huorong HIPS.
RealBlindingEDR
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callback, PsSetCreateProcessNotifyRoutine callback, PsSetCreateThreadNotifyRoutine callback, PsSetLoadImageNotifyRoutine callback...
WhitePondSecurityKG
This is an open-source cyber security knowledge graph platform that opens new directions for making cyber security more intelligent and systematic, making a modest contribution to the development of the industry.