edr

There are 23 repositories under edr topic.

• BypassAV

  matro7sh / BypassAV

  This map lists the essential techniques to bypass anti-virus and EDR

  avbypassedrmindmappentestredteammarkdown
  2221

• bytedance / Elkeid

  Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

  cwppedrhidslinux-securityraspsecurity
  Language:Go 2112

• rabbitstack / fibratus

  A modern tool for Windows kernel exploration and tracing with a focus on security

  edrgolanginstrumentationpythonsecuritywindowswindows-kernel
  Language:Go 2086
• BLUESPAWN

  ION28 / BLUESPAWN

  An Active Defense and EDR software to empower Blue Teams

  active-defensewindowssecuritysecurity-toolsblue-teammitre-attackanti-virusedrthreat-hunting
  Language:C++ 1210

• 0xrawsec / whids

  Open Source EDR for Windows

  dfirthreat-huntingwindowsidssysmonedr
  Language:Go 1054

• Xacone / BestEdrOfTheMarket

  Little user-mode AV/EDR evasion lab for training & learning purposes

  defense-evasionedredr-evasionedr-testing
  Language:C++ 918

• tkmru / awesome-edr-bypass

  Awesome EDR Bypass Resources For Ethical Hacking

  awesome-listsedredr-bypass
  785

• jthuraisamy / TelemetrySourcerer

  Enumerate and disable common sources of telemetry used by AV/EDR.

  avedrevasionsecurity-tools
  Language:C++ 736

• xuanxuan0 / DripLoader

  Evasive shellcode loader for bypassing event-based injection detection (PoC)

  shellcodeshellcode-loadershellcode-injectoredrevasion-attacks
  Language:C++ 686

• wecooperate / iMonitor

  iMonitor（冰镜 - 终端行为分析系统）

  procmonsystemmonitoredropen-procmonmalware-analysisreverse-engineering
  Language:C++ 674

• naksyn / Pyramid

  a tool to help operate in EDRs' blind spots

  edredr-testinghackingpythonredteam-toolsredteaming
  Language:Python 615
• ScareCrow-CobaltStrike

  GeorgePatsias / ScareCrow-CobaltStrike

  Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)

  cobaltstrike-cnaedrscarecrowbypass-antivirusevasiondllexewscriptmsiexeccontrolexcel
  Language:Python 447

• RoomaSec / RmEye

  戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

  edrsysmonthreat-hunting
  Language:Python 402
• KQL

  LearningKijo / KQL

  Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

  edrincident-responsekqlkustothreat-huntingxdr
  398

• SitinCloud / Owlyshield

  Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).

  cybersecurityantivirusbehavior-analysisransomwareedrmachine-learningmalwaremalware-analysismalware-researchthreat-huntingcommand-and-controlexfiltrationimpact
  Language:Rust 372

• wecooperate / iMonitorSDK

  系统监控开发套件（sysmon、procmon、edr、终端安全、主机安全、零信任、上网行为管理、沙箱）

  sysmondefenderedrsecurityprocmonendpoint-securitymonitoring-tooletwkernelzero-trustaccess-control
  Language:C++ 327

• zeroperil / HookDump

  Security product hook detection

  edrhookingredteam-tools
  Language:C++ 300

• NUL0x4C / KnownDllUnhook

  Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs

  bypassedr
  Language:C 281

• op7ic / EDR-Testing-Script

  Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

  edrmitreattsecurity-auditsecurityedr-solutionsincident-response
  Language:Batchfile 278

• kiding / wanna-see-a-whiter-white

  CSS trick/bug to display a brighter white by exploiting browsers' HDR capability and Apple's EDR system

  csshdredrapple
  Language:HTML 270

• xuanxuan0 / TiEtwAgent

  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

  detectionsecurityinjectionedrmemory-scanning
  Language:C 231

• ion-storm / sysmon-edr

  Sysmon EDR POC Build within Powershell to prove ability.

  edrsysmonsysmon-edr
  Language:PowerShell 209
• BrightIntosh

  niklasr22 / BrightIntosh

  Unlock the full brightness of the XDR display of your MacBook Pro

  applebrightbrightnessbrightness-controlcollaboratedisplayedrhdrmacmacbookmacbook-promacosnitsswiftswiftuixdr
  Language:Swift 201

• utmstack / UTMStack

  Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

  compliancecorrelationedrincident-responselog-managementsiemthreat-intelligencethreat-managementutmstackxdr
  Language:Java 185

• reveng007 / ReflectiveNtdll

  A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

  antivirusbypassbypass-antivirusdropperedrevasionfiberimplantmalwarentdll-unhookingprocess-injectionsystemfunction033
  Language:C 160

• carbonblack / cbapi-python

  Carbon Black API - Python language bindings

  cbapicarbonblackapi-wrapperpython-bindingspythoncarbon-black-cloudcb-defensecb-threathuntercb-liveopscb-protectioncb-responseapp-controlendpoint-standardaudit-and-remediationenterprise-edrhosted-edredrsupported
  Language:Python 148

• TH3xACE / EDR-Test

  Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].

  aggressor-scriptscobalt-strikecobaltstrikeedrmitre-attackpurple-teampurpleteam
  143
• MDEtester

  LearningKijo / MDEtester

  MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.

  defenderforendpointedrpowershelltesting
  Language:PowerShell 140

• ars3n11 / MineSweeper

  Windows user-land hooks manipulation tool.

  hooksedrwindowsunhooking
  Language:C 137
• ForensicMiner

  securityjoes / ForensicMiner

  A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.

  automationcortexcrowdstrikecyberdfiredrfastforensicsirmdrpowershellsecuritysocxdr
  Language:PowerShell 134

• redcanaryco / redcanary-response-utils

  Tools to automate and/or expedite response.

  edrsecurity-tools
  Language:Python 112

• UncoderIO / Uncoder_IO

  An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

  datalakeedrrootasiemsigmathreathuntingtranslationxdruncoderuncoderio
  Language:Python 105

• UncoderIO / RootA

  Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages

  datalakeedrrootasiemxdrrootalanguage
  102

• ProcessusT / Venoma

  Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution

  antivirusbypassc2cobaltdropperedrmalwarepayloadpentestredstriketeamindirectsyscalls
  Language:C++ 96
• WhiteBeam

  WhiteBeamSec / WhiteBeam

  WhiteBeam: Transparent endpoint security

  edrrustsecurityeppwhitelistingapplication-whitelistingsecurity-hardening
  Language:Rust 95
• Condor

  MrEmpy / Condor

  「🛡️」AVs/EDRs Evasion tool

  antivirusantivirus-evasionavbypassdefenderedrevasionhackinginjectionloaderprotectionpythonsecurityshellcodewindowswindows-defenderxdr
  Language:Python 83