Projects in Awesome Lists tagged with edr
A curated list of projects in awesome lists tagged with edr.
https://github.com/bytedance/elkeid
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
cwpp edr hids linux-security rasp security
Last synced: 14 May 2025
https://github.com/rabbitstack/fibratus
Adversary tradecraft detection, protection, and hunting
adversary blueteam edr etw golang instrumentation mitre python security windows windows-kernel
Last synced: 13 May 2025
https://github.com/bytedance/Elkeid
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
cwpp edr hids linux-security rasp security
Last synced: 30 Mar 2025
https://github.com/ion28/bluespawn
An Active Defense and EDR software to empower Blue Teams
active-defense anti-virus blue-team edr mitre-attack security security-tools threat-hunting windows
Last synced: 16 May 2025
https://github.com/ION28/BLUESPAWN
An Active Defense and EDR software to empower Blue Teams
active-defense anti-virus blue-team edr mitre-attack security security-tools threat-hunting windows
Last synced: 30 Mar 2025
https://github.com/0xrawsec/whids
Open Source EDR for Windows
dfir edr ids sysmon threat-hunting windows
Last synced: 16 May 2025
https://github.com/xacone/bestedrofthemarket
Little AV/EDR evasion lab for training & learning purposes
defense-evasion edr edr-evasion edr-testing
Last synced: 12 Apr 2025
https://github.com/jthuraisamy/telemetrysourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
Last synced: 04 Apr 2025
https://github.com/xuanxuan0/driploader
Evasive shellcode loader for bypassing event-based injection detection (PoC)
edr evasion-attacks shellcode shellcode-injector shellcode-loader
Last synced: 04 Apr 2025
https://github.com/wecooperate/iMonitor
iMonitor (冰镜, an endpoint behavior analysis system)
edr malware-analysis open-procmon procmon reverse-engineering systemmonitor
Last synced: 21 Jul 2025
https://github.com/xuanxuan0/DripLoader
Evasive shellcode loader for bypassing event-based injection detection (PoC)
edr evasion-attacks shellcode shellcode-injector shellcode-loader
Last synced: 11 Jul 2025
https://github.com/naksyn/Pyramid
A tool to help operate in EDRs' blind spots
edr edr-testing hacking python redteam-tools redteaming
Last synced: 12 Apr 2025
https://github.com/RoomaSec/RmEye
RmEye (戎码之眼) is a threat monitoring tool for Windows based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for defenders.
Last synced: 12 Jul 2025
https://github.com/GeorgePatsias/ScareCrow-CobaltStrike
Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)
bypass-antivirus cobaltstrike-cna control dll edr evasion excel exe msiexec scarecrow wscript
Last synced: 12 Jul 2025
https://github.com/LearningKijo/KQL
Threat hunting queries for Microsoft 365 Defender XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
edr incident-response kql kusto threat-hunting xdr
Last synced: 10 Apr 2025
https://github.com/SitinCloud/Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
antivirus behavior-analysis command-and-control cybersecurity edr exfiltration impact machine-learning malware malware-analysis malware-research ransomware threat-hunting
Last synced: 16 Jul 2025
https://github.com/wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · A powerful endpoint behavior collection and defense development kit, intended to help EDR, zero-trust, data security, audit control and other endpoint security software implement product features quickly without having to deal with developing, maintaining and ensuring compatibility of the underlying driver, so that they can focus on business development
access-control defender edr endpoint-security etw kernel monitoring-tool procmon security sysmon zero-trust
Last synced: 11 Jul 2025
https://github.com/op7ic/EDR-Testing-Script
Test the accuracy of Endpoint Detection and Response (EDR) software with a simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
att edr edr-solutions incident-response mitre security security-audit
Last synced: 12 Apr 2025
https://github.com/niklasr22/BrightIntosh
Unlock the full brightness of the XDR display of your MacBook Pro
apple bright brightness brightness-control display edr hdr mac macbook macbook-pro macos nits swift swiftui xdr
Last synced: 15 Jul 2025
https://github.com/xuanxuan0/TiEtwAgent
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
detection edr injection memory-scanning security
Last synced: 11 Jul 2025
https://github.com/0xflux/Sanctum
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
antivirus antivirus-software blue-team cyber-security driver edr kernel-driver malware-analysis malware-research red-team rust rust-driver rust-edr rust-windows rust-windows-driver tauri tauri-app windows-driver windows-rust
Last synced: 11 Jun 2025
https://github.com/ion-storm/sysmon-edr
Sysmon EDR PoC built within PowerShell to prove ability.
Last synced: 05 May 2025
https://github.com/utmstack/UTMStack
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
compliance correlation edr incident-response log-management siem threat-intelligence threat-management utmstack xdr
Last synced: 30 Apr 2025
https://github.com/LearningKijo/MDEtester
MDE Tester is designed to help test various features in Microsoft Defender for Endpoint.
defenderforendpoint edr powershell testing
Last synced: 10 Apr 2025
https://github.com/reveng007/reflectiventdll
A Dropper PoC with a focus on aiding in EDR evasion: NTDLL unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via the SystemFunction033 NtApi and no new thread via Fiber
antivirus bypass bypass-antivirus dropper edr evasion fiber implant malware ntdll-unhooking process-injection systemfunction033
Last synced: 02 May 2025
https://github.com/th3xace/edr-test
Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].
aggressor-scripts cobalt-strike cobaltstrike edr mitre-attack purple-team purpleteam
Last synced: 02 Jan 2026
https://github.com/securityjoes/ForensicMiner
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
automation cortex crowdstrike cyber dfir edr fast forensics ir mdr powershell security soc xdr
Last synced: 11 May 2025
https://github.com/redcanaryco/redcanary-response-utils
Tools to automate and/or expedite response.
Last synced: 11 Apr 2025
https://github.com/starkdmi/brightxdr
Free and Open Source alternative to Vivid macOS application to extend Apple XDR display brightness from 500 up to 1600 nits.
apple brightness display edr hdr lunar macbook-pro macos swift swiftui vivid xdr
Last synced: 14 Apr 2025
https://github.com/brosck/condor
「🛡️」AVs/EDRs Evasion tool
antivirus antivirus-evasion av bypass defender edr evasion hacking injection loader protection python security shellcode windows windows-defender xdr
Last synced: 06 Apr 2025
https://github.com/processust/unhookingdll
This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW and trigger a shellcode with process hollowing
bypass dll-unhooking edr etw process-hollowing shellcode
Last synced: 16 Oct 2025
https://github.com/tarsal-oss/kflowd
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
co-re detection dlp dns dpi ebpf edr filesystem http monitoring netflow siem syslog tcp udp virus vulnerability xdr
Last synced: 10 Apr 2025
https://github.com/0xflux/sanctum
Sanctum is a proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
antivirus antivirus-software blue-team cyber-security driver edr kernel-driver malware-analysis malware-research red-team rust rust-driver rust-edr rust-windows rust-windows-driver tauri tauri-app windows-driver windows-rust
Last synced: 04 Apr 2025
https://github.com/kara-4search/hookdetection_csharp
HookDetection
csharp edr hook-functions hookdetect pentest redteam redteam-tools windows-defender
Last synced: 23 Apr 2025
https://github.com/yardenshafir/conference_talks
Slides from various conference talks
conference-talk edr exploitation mitigation windows windows-internals
Last synced: 14 Apr 2025
https://github.com/nasbench/sedr-internals
Symantec EDR Internals
detection edr endpoint endpoint-detection-response internals sedr symantec windows
Last synced: 25 Oct 2025
https://github.com/kara-4search/earlybirdinjection_csharp
Inject shellcode into process via "EarlyBird"
apc bypass csharp earlybird edr injection process-injection redteam shellcode
Last synced: 17 Jul 2025
https://github.com/0xflux/etw-bypass-rust
Event Tracing for Windows EDR bypass in Rust (usermode)
edr edr-bypass edr-evasion ethical-hacking ethical-hacking-tools etw etw-bypass etw-evasion hacking malware malware-research pentest pentest-tool pentesting red-team redteam redteam-tools redteaming rust
Last synced: 13 Apr 2025
https://github.com/kara-4search/apc_shellcodeexecution_csharp
Shellcode load or execute via the "APC technique"
bypass csharp edr hacking injection pentest redteam shellcode-injection shellcode-loader
Last synced: 23 Apr 2025
https://github.com/fbartos/zcurve
zcurve R package for assessing the reliability and trustworthiness of published literature with the z-curve method
Last synced: 30 Oct 2025
https://github.com/thecyberarcher/soc-ressources
Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.
cyberdefense cybersecurity edr siem soc socanalyst threathunting
Last synced: 19 Mar 2025
https://github.com/kara-4search/fulldllunhooking_csharp
Unhook DLL via cleaning the DLL's .text section
apiunhook bypass bypass- bypass-antivirus bypass-av bypassedr charp csharp edr edr-evasion ntdll redteam unhooking
Last synced: 23 Apr 2025
https://github.com/evilbytecode/powershell-persistance
Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do not take any responsibility for its use or any actions taken.
edr edr-bypass edr-evasion fud pentesting persistance win-api
Last synced: 16 Aug 2025
https://github.com/geniuszly/genedrbypass
An advanced tool for bypassing EDR (Endpoint Detection and Response) systems and antivirus software by dynamically generating and injecting shellcode
bypass cve cybersecurity edr edr-bypass endpoint-security ethical-hacking evasion-techniques exploit exploit-development genedrbypass penetration-testing poc security vulnerability
Last synced: 14 Aug 2025
https://github.com/samerde/get-riskyprocesses
Checks running processes for a list of potentially "risky" ones that should not be spawned by certain parent processes. If found, the results could indicate abnormal behavior.
edr exchange-server hacktoberfest iis infosectools powershell windows
Last synced: 19 Jul 2025
https://github.com/0xflux/ferric-fox
A windows 11 rootkit in Rust
edr edr-evasion rootkit rootkit-kernel rootkit-windows rust-rootkit security-research windows-kernel windows-kernel-exploitation windows-rootkit windows-rootkits
Last synced: 26 Oct 2025
https://github.com/kara-4search/addressofentrypoint_hijack_csharp
Shellcode injection or execution via AddressOfEntryPoint hijack.
addressofentrypointhijack csharp edr evasion redteam shellcode-execute shellcode-injection shellcode-loader
Last synced: 23 Apr 2025
https://github.com/whots/rosaryac-rs
Experimental usermode based EDR system PoC written in Rust. (WIP)
anticheats edr gamecheats rust rust-lang security security-tools threat-hunting threat-intelligence windows
Last synced: 21 Oct 2025
https://github.com/0xflux/rust-apc-queue-injection
APC Queue Injection EDR Evasion in Rust
edr edr-bypass edr-evasion ethical-hacking hacking malware malware-analysis malware-detection malware-development malware-research pentesting redteam redteam-tools redteaming rust
Last synced: 02 Jul 2025
https://github.com/roguecybersecuritychannel/vulnerable-driver-scanner
A script that web-scrapes multiple webpages for known vulnerable Windows drivers, SHA256-hashes all system drivers, and looks for matching driver names and SHA256 hashes.
antivirus blueteam blueteam-tools blueteaming-tools checker cyber-security cybersecurity cybersecurity-education cybersecurity-tools driver drivers edr python scanner vulenrability vulnerable windows windows-10 windows-11 windowsdriver
Last synced: 16 Jul 2025
https://github.com/roguecybersecuritychannel/malicious-ip-detector
A script that checks for active connections to known malicious foreign IP addresses.
antivirus blueteam-tools blueteaming-tools bluteam cybersecurity edr ip malicious-ip-detection malicious-url-detection soc soc-analyst windows-10 windows-11
Last synced: 20 Oct 2025
https://github.com/vvv-keys/keysguard-unified-threat-intelligence-platform
KeysGuard is a modular cybersecurity suite combining Rust-powered memory scanning, AI-driven reconnaissance, and real-time threat intelligence visualization — built for defenders, red teamers, and curious minds alike.
algorithms antivirus computer-architecture computer-science cyber data-structure edr encryption-decryption guard guardian keys programming security security-audit security-tools siem virus-scanning vpn
Last synced: 02 Aug 2025
https://github.com/roguecybersecuritychannel/pycanary-python-canary-token-alternative
PyCanary: CMD line tool to monitor any directory for file access or file changes, log event, send basic alert to user, and dump and process information collected. There is also a background thread monitoring all created processes and logging them for later analysis.
antivirus blueteam blueteam-tools blueteaming blueteaming-tools canary canary-tokens cyber-security cybersecurity edr huristic logging multithreading process-monitor python threat-hunting windows-10 windows-11
Last synced: 20 Oct 2025
https://github.com/scrymastic/edr-agent
A tool for monitoring system events and sending relevant information to the EDR server for further analysis and response.
cpp17 edr logs monitoring sysmon windows
Last synced: 13 Mar 2025
https://github.com/aessecurity/oburix
eBPF-based runtime agent for Endpoint Detection and Response for Linux based operating systems.
agent cybersecurity ebpf edr linux runtime-security xdr
Last synced: 18 Oct 2025
https://github.com/jblukach/velociraptor
Digging Deeper.... Cloud Deployment
Last synced: 16 Mar 2025
https://github.com/phannhat17/hust-edr-server
Simple EDR system integrated with the ELK stack
cybersecurity edr go grpc server
Last synced: 05 Apr 2025
https://github.com/remusdbd/detecting-voldemort-malware
YARA signature | YARA rule for Detecting Voldemort Malware
cuckoo edr malware security-onion soar splunk threat-hunting voldemort voldemort-malware yara yara-rule
Last synced: 22 Jul 2025
https://github.com/vvv-keys/keysguard
KeysGuard is a modular cybersecurity suite combining Rust-powered memory scanning, AI-driven reconnaissance, and real-time threat intelligence visualization — built for defenders, red teamers, and curious minds alike.
algorithms antivirus computer-architecture computer-science cyber data-structure edr encryption-decryption guard guardian keys programming security security-audit security-tools siem virus-scanning vpn
Last synced: 28 Jun 2025
https://github.com/pahaz/open-node-js-edr
Secure, single-file, easy-to-understand-and-install, zero-dependency, cross-platform Endpoint Detection & Response security tool
cross-platform edr endpoint-protection endpoint-security open-source reverse-shell security
Last synced: 26 Mar 2025
https://github.com/greycloudss/greathelm
An open source WIP EDR
armourer defender edr security
Last synced: 07 Oct 2025
https://github.com/anjulameegalla/soar-edr-lab
Automated Incident Response with SOAR & EDR Integration
azure edr limacharlie playbook slack soar soc tines webhook
Last synced: 26 Oct 2025
https://github.com/dncrypter/edr-powershield
EDR-PowerShield is a powerful tool that combines IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) capabilities into a single, efficient package. Leveraging PowerShell scripts, it continuously monitors network activity and isolates compromised machines...
edr network-isolation powershell-scripting
Last synced: 27 Mar 2025
https://github.com/elevated-standards/cloudits
Cloudit automates compliance with evidence collection. Cloudit streamlines vulnerability tracking, audit workflows, and compliance reporting by gathering artifacts, comparing findings, and generating actionable plans—keeping your organization audit-ready at all times.
atlassian audit aws azure compliance edr elastic fedramp gcp grc hitrust iso-27001 iso-27002 jira jumpcloud okta pci-dss security security-evidence tx-ramp
Last synced: 25 Mar 2025
https://github.com/droberson/hammertime
PoC LKM to force unloading of other LKMs
edr edr-bypass edr-evasion linux-kernel lkm lkm-hacking
Last synced: 09 Apr 2025
https://github.com/a5m1/fakewer
Contains code for fakewer, a DLL sideloading PoC / writeup
bypass c cpp crowdstrike dllsideloading edr learnc malware-poc ntapi poc sideloading wermgr windows
Last synced: 20 Feb 2025
https://github.com/luis261/symantec-cloud-edr-xsoar-integration
Cortex XSOAR Integration for the SES EDR API at https://api.sep.securitycloud.symantec.com
edr endpoint-security python3 security-automation symantec xsoar
Last synced: 12 Mar 2025
https://github.com/rp377/crowdstrike-falcon-integration-with-mac-workstations-using-intune
This guide helps you with necessary information for onboarding MAC workstations on CrowdStrike Falcon using Microsoft Intune
crowdstrike crowdstrike-falcon edr intune macos security
Last synced: 28 Oct 2025
https://github.com/milenarandom/saintvaltech-site
🌐 Showcase IT and cybersecurity services with the SaintValTech website, providing a professional online presence and valuable freelance solutions.
cybersecurity edr firewall homelab-setup linux macos microsoft-defender network-security purple-team siem windows
Last synced: 08 Oct 2025
https://github.com/chewitt/fidelis-tasks
Response Task (Script) Packages for Fidelis Endpoint (EDR)
Last synced: 17 Jun 2025
https://github.com/sonx4444/edr-server
An EDR server designed to monitor, detect, and respond to threats on network endpoints.
cybersecurity django edr sigma threat-detection
Last synced: 16 Jul 2025
https://github.com/aj-tap/musashi
Musashi is a Python-based rapid triage tool that applies SIGMA rules to endpoint logs (e.g., Defender, Cortex) for threat detection and IOC extraction. It automates log analysis, helping security analysts quickly identify suspicious activity without manual querying. 🚀
Last synced: 06 Apr 2025
https://github.com/elwali10/elwalikarkoub
Personal Tech blog. Powered by Hugo, Markdown, Github Actions.
aws cloud edr elastic k8s linux opensearch siem wazuh
Last synced: 23 Feb 2025
https://github.com/scrymastic/edr-server
An EDR server designed to monitor, detect, and respond to threats on network endpoints.
cybersecurity django edr sigma threat-detection
Last synced: 23 Feb 2025