Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-edr-bypass
Awesome EDR Bypass Resources For Ethical Hacking
https://github.com/tkmru/awesome-edr-bypass
Last synced: 2 days ago
Presentation
- Dirty Vanity: A New Approach to Code Injection & EDR Bypass - Black Hat Europe 2022
- talks/Diego Capriotti - DEFCON30 Adversary Village - Python vs Modern Defenses.pdf
- Develop Your Own Rat
- EDR Evasion Primer for Red Teamers - Karsten Nohl & Jorge Gimenez - Hack in the Box 2022 Singapore
- EDR Reloaded: Erase Data Remotely - Black Hat Asia 2024 | Briefings Schedule
Blog
- Living-Off-the-Blindspot - Operating into EDRs’ blindspot | Naksyn’s blog
- PEP 578 – Python Runtime Audit Hooks
- Bypass CrowdStrike Falcon EDR protection against process dump like lsass.exe | by bilal al-qurneh | Medium
- State-of-the-art EDRs are not perfect, fail to detect common attacks - The Record from Recorded Future News
- An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
- A tale of EDR bypass methods | S3cur3Th1sSh1t
- Blindside: A New Technique for EDR Evasion with Hardware Breakpoints - Cymulate
- Attacking an EDR - Part 1
- Attacking an EDR - Part 2
- The Dark Side of EDR: Repurpose EDR as an Offensive Tool - Black Hat Asia 2024
- The Dark Side of EDR: Repurpose EDR as an Offensive Tool | SafeBreach
macOS
PoC
- trickster0/TartarusGate: TartarusGate, Bypassing EDRs
- am0nsec/HellsGate: Original C Implementation of the Hell's Gate VX Technique
- Maldev-Academy/HellHall: Performing Indirect Clean Syscalls
- TheD1rkMtr/UnhookingPatch: Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
- RedTeamOperations/Journey-to-McAfee
- op7ic/EDR-Testing-Script: Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
- zer0condition/mhydeath: Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
- Mr-Un1k0d3r/RedTeamCCode: Red Team C code repo
- BYOSI: Bypass EDR by bringing your own script interpreter
- Polydrop: Expanded BYOSI attack, leverages 12 additional languages.
- senzee1984/EDRPrison: Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
Tool
- tanc7/EXOCET-AV-Evasion: EXOCET - AV-evading, undetectable, payload delivery tool
- naksyn/Pyramid: a tool to help operate in EDRs' blind spots
- Yaxser/Backstab: A tool to kill antimalware protected processes
- klezVirus/inceptor: Template-Driven AV/EDR Evasion Framework
- georgesotiriadis/Chimera: Automated DLL Sideloading Tool With EDR Evasion Capabilities
Workshop
Other awesome series
Book
Programming Languages
Sub Categories
Keywords (with number of listed repositories tagged)
- edr-bypass: 4
- edr: 2
- av-evasion: 2
- process-injection: 2
- dinvoke: 1
- code-injection: 1
- av-edr-bypass: 1
- av-bypass: 1
- amsi-evasion: 1
- amsi-bypass: 1
- redteaming: 1
- redteam-tools: 1
- python: 1
- hacking: 1
- edr-testing: 1
- security-audit: 1
- security: 1
- mitre: 1
- incident-response: 1
- edr-solutions: 1
- att: 1
- syscalls: 1
- redteam: 1
- powershell: 1
- php: 1
- edr-evasion: 1
- red-team-ops: 1
- opsec: 1
- havoc: 1
- active-directory: 1
- python3: 1
- offensive-security: 1
- dll-sideloading: 1
- cpp: 1
- assembly: 1
- red-teaming: 1
- red-team: 1
- pinvoke: 1
- pe-packer: 1
- payload-generator: 1
- obfuscation: 1
- edrs: 1