There are 23 repositories under the edr topic.
A modern tool for Windows kernel exploration and tracing with a focus on security
Little user-mode AV/EDR evasion lab for training & learning purposes
Awesome EDR Bypass Resources For Ethical Hacking
Enumerate and disable common sources of telemetry used by AV/EDR.
Evasive shellcode loader for bypassing event-based injection detection (PoC)
iMonitor (Bingjing: endpoint behavior analysis system)
Cobalt Strike script for ScareCrow payload integration (EDR/AV evasion)
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
System monitoring development kit (sysmon, procmon, EDR, endpoint security, host security, zero trust, internet access behavior management, sandbox)
Replace the .text section of the currently loaded modules with a clean copy from \KnownDlls\ to bypass EDRs
Test the accuracy of Endpoint Detection and Response (EDR) software with a simple script that executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
CSS trick/bug to display a brighter white by exploiting browsers' HDR capability and Apple's EDR system
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
Unlock the full brightness of the XDR display of your MacBook Pro
A dropper PoC with a focus on aiding EDR evasion: NTDLL unhooking followed by loading ntdll in memory, where it is present as shellcode (converted with pe2shc by @hasherezade). Payload encryption via the undocumented SystemFunction033 API, and no new thread created (execution via a fiber)
Carbon Black API - Python language bindings
MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
A DFIR automation tool for collecting and analyzing evidence, designed for cybersecurity professionals.
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
WhiteBeam: Transparent endpoint security