sh4hin

sh4hin's starred repositories

EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

Language:PowerShell1179 47 24

EDRSilencer

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Language:CMIT873 12 9

GraphRunner

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

Language:PowerShellMIT705 14 9

SOAPHound

SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

Language:C#GPL-3.0557 11 10

MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

Language:PowerShellMIT407 8 2

MultiDump

MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.

Language:C398 4 1

lolcerts

A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors

Language:YARAApache-2.0304 100

Disable-Windows-Defender-

Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)

Language:C#259 3 2

SignToolEx

Patching "signtool.exe" to accept expired certificates for code-signing.

Language:C++253 70

Invoke-ADEnum

Automate Active Directory Enumeration using PowerView

Language:PowerShellGPL-3.0222 5 1

Cobalt-Strike-Profiles-for-EDR-Evasion

Cobalt Strike Profiles for EDR Evasion

Language:Go170 4 1

EDRception

A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.

Language:C++151 20

dvenom

🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.

Language:GoMIT151 2 1

deploy-goad

Script to install prerequisites for deploying GOAD on Ubuntu Linux 22.04

Language:Shell92 3 7

CLR_Heap_encryption

Language:Rust91 20

Venoma

Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution

Language:C++90 5 3

s4killer

BYOVD process killer

Language:Rust7000

DrvMon

a monitoring windows driver calls kernel api tools

Language:C++6600

proctools

Small toolkit for extracting information and dumping sensitive strings from Windows processes

Language:C64 10

Learning-EDR-and-EDR_Evasion

I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning path for me.

Language:C++MIT62 50

CVE-2024-21626

PoC and Detection for CVE-2024-21626

55 3 1

unmanaged-dotnet-patch

Modify managed functions from unmanaged code

Language:C++MIT4200

EternelSuspention

a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless

Language:C#39 20

ExecRemoteNET

Execute Remote Assembly with args passing and with AMSI and ETW patching .

Language:C++MIT3100

go-ThreadlessInject

Golang implementation of @CCob's C# ThreadlessInject

Language:Go25 10

rspe

Simple Native Rust Reflective PE loader library

Language:RustMIT2400

CVE-2023-23397-PoC

Language:C#Apache-2.09 20

POC

Language:Python8 2 1

HalosGate-Cpl-C-

Halos Gate implementation in C++

Language:C++600

SharpIncrease

Evade Everything

Language:C#500