edr
There are 28 repositories under edr topic.
- BypassAV
bytedance / Elkeid
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
Language:Go 2372rabbitstack / fibratus
Adversary tradecraft detection, protection, and hunting
Language:Go 2289- BLUESPAWNLanguage:C++ 1294
- Language:Go 1273
- BestEdrOfTheMarket
Xacone / BestEdrOfTheMarket
AV/EDR Evasion Lab for Training & Learning Purposes
Language:C++ 1230 tkmru / awesome-edr-bypass
Awesome EDR Bypass Resources For Ethical Hacking
xuanxuan0 / DripLoader
Evasive shellcode loader for bypassing event-based injection detection (PoC)
Language:C++ 807jthuraisamy / TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
Language:C++ 789wecooperate / iMonitor
iMonitor(冰镜 - 终端行为分析系统)
Language:C++ 746- Language:Python 724
- Language:Python 507
- KQL
LearningKijo / KQL
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
- ScareCrow-CobaltStrike
GeorgePatsias / ScareCrow-CobaltStrike
Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)
Language:Python 464 SitinCloud / Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Language:Rust 416- BrightIntosh
niklasr22 / BrightIntosh
Unlock the full brightness of the XDR display of your MacBook Pro
Language:Swift 411 The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
Language:C++ 352kiding / wanna-see-a-whiter-white
CSS trick/bug to display a brighter white by exploiting browsers' HDR capability and Apple's EDR system
Language:HTML 318- Language:C++ 317
op7ic / EDR-Testing-Script
Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
Language:Batchfile 301NUL0x4C / KnownDllUnhook
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
Language:C 294theSecHunter / Hades-Windows
Hades HIDS/HIPS for Windows
Language:C++ 278PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
Language:C 269- Language:PowerShell 224
- MDEtester
MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
Language:PowerShell 188 ProcessusT / Venoma
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
Language:C++ 174reveng007 / ReflectiveNtdll
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
Language:C 171V-i-x-x / kernel-callback-removal
kernel callback removal (Bypassing EDR Detections)
Language:C++ 160- ForensicMiner
securityjoes / ForensicMiner
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
Language:PowerShell 157 UncoderIO / Uncoder_IO
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
Language:Python 148carbonblack / cbapi-python
Carbon Black API - Python language bindings
Language:Python 145- Language:C 142
- Language:Python 113
starkdmi / BrightXDR
Free and Open Source alternative to Vivid macOS application to extend Apple XDR display brightness from 500 up to 1600 nits.
Language:Swift 113
