Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with edr
A curated list of projects in awesome lists tagged with edr.
https://github.com/rabbitstack/fibratus
Adversary tradecraft detection, protection, and hunting
adversary blueteam edr etw golang instrumentation python security windows windows-kernel
Last synced: 17 Dec 2024
https://github.com/bytedance/elkeid
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers, Kubernetes (K8s) and serverless. It is derived from ByteDance's internal best practices.
cwpp edr hids linux-security rasp security
Last synced: 20 Dec 2024
https://github.com/ion28/bluespawn
An Active Defense and EDR software to empower Blue Teams
active-defense anti-virus blue-team edr mitre-attack security security-tools threat-hunting windows
Last synced: 15 Dec 2024
https://github.com/0xrawsec/whids
Open Source EDR for Windows
dfir edr ids sysmon threat-hunting windows
Last synced: 15 Dec 2024
https://github.com/xacone/bestedrofthemarket
Little AV/EDR evasion lab for training & learning purposes
defense-evasion edr edr-evasion edr-testing
Last synced: 16 Dec 2024
https://github.com/jthuraisamy/telemetrysourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
Last synced: 21 Dec 2024
https://github.com/xuanxuan0/driploader
Evasive shellcode loader for bypassing event-based injection detection (PoC)
edr evasion-attacks shellcode shellcode-injector shellcode-loader
Last synced: 21 Dec 2024
https://github.com/wecooperate/iMonitor
iMonitor (冰镜, Endpoint Behavior Analysis System)
edr malware-analysis open-procmon procmon reverse-engineering systemmonitor
Last synced: 28 Nov 2024
https://github.com/naksyn/Pyramid
A tool to help operate in EDRs' blind spots.
edr edr-testing hacking python redteam-tools redteaming
Last synced: 07 Nov 2024
https://github.com/GeorgePatsias/ScareCrow-CobaltStrike
Cobalt Strike script for ScareCrow payload integration (EDR/AV evasion)
bypass-antivirus cobaltstrike-cna control dll edr evasion excel exe msiexec scarecrow wscript
Last synced: 21 Nov 2024
https://github.com/RoomaSec/RmEye
RmEye (戎码之眼) is an ATT&CK-model-based threat monitoring tool for Windows that effectively detects common known and unknown threats: a sharp sword for defenders.
Last synced: 21 Nov 2024
https://github.com/LearningKijo/KQL
Threat hunting queries for Microsoft 365 Defender / XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
edr incident-response kql kusto threat-hunting xdr
Last synced: 06 Nov 2024
https://github.com/SitinCloud/Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
antivirus behavior-analysis command-and-control cybersecurity edr exfiltration impact machine-learning malware malware-analysis malware-research ransomware threat-hunting
Last synced: 24 Nov 2024
https://github.com/wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · a feature-rich endpoint behavior collection and defense development kit, intended to let EDR, zero-trust, data-security and audit/control endpoint products implement their features quickly without having to develop, maintain and keep compatible the underlying driver, so they can focus on business logic.
access-control defender edr endpoint-security etw kernel monitoring-tool procmon security sysmon zero-trust
Last synced: 21 Nov 2024
https://github.com/op7ic/EDR-Testing-Script
Test the accuracy of Endpoint Detection and Response (EDR) software with a simple script that executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads.
att edr edr-solutions incident-response mitre security security-audit
Last synced: 07 Nov 2024
https://github.com/niklasr22/BrightIntosh
Unlock the full brightness of the XDR display of your MacBook Pro
apple bright brightness brightness-control display edr hdr mac macbook macbook-pro macos nits swift swiftui xdr
Last synced: 23 Nov 2024
https://github.com/xuanxuan0/TiEtwAgent
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
detection edr injection memory-scanning security
Last synced: 21 Nov 2024
https://github.com/ion-storm/sysmon-edr
Sysmon-based EDR proof of concept built in PowerShell to demonstrate feasibility.
Last synced: 13 Nov 2024
https://github.com/utmstack/UTMStack
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
compliance correlation edr incident-response log-management siem threat-intelligence threat-management utmstack xdr
Last synced: 12 Nov 2024
https://github.com/LearningKijo/MDEtester
MDE Tester is designed to help test various features in Microsoft Defender for Endpoint.
defenderforendpoint edr powershell testing
Last synced: 06 Nov 2024
https://github.com/th3xace/edr-test
Automating EDR testing with reference to MITRE ATT&CK via Cobalt Strike [Purple Team].
aggressor-scripts cobalt-strike cobaltstrike edr mitre-attack purple-team purpleteam
Last synced: 20 Nov 2024
https://github.com/securityjoes/ForensicMiner
A DFIR automation tool for collecting and analyzing evidence, designed for cybersecurity professionals.
automation cortex crowdstrike cyber dfir edr fast forensics ir mdr powershell security soc xdr
Last synced: 17 Nov 2024
https://github.com/redcanaryco/redcanary-response-utils
Tools to automate and/or expedite response.
Last synced: 15 Dec 2024
https://github.com/reveng007/reflectiventdll
A dropper PoC focused on aiding EDR evasion: NTDLL unhooking followed by loading ntdll in memory, where it is present as shellcode (converted with pe2shc by @hasherezade). Payload encryption via the SystemFunction033 API, and no new thread (execution via a Fiber).
antivirus bypass bypass-antivirus dropper edr evasion fiber implant malware ntdll-unhooking process-injection systemfunction033
Last synced: 12 Nov 2024
https://github.com/brosck/condor
「🛡️」AV/EDR evasion tool
antivirus antivirus-evasion av bypass defender edr evasion hacking injection loader protection python security shellcode windows windows-defender xdr
Last synced: 02 Nov 2024
https://github.com/processust/unhookingdll
This script bypasses DLL hooking by using a freshly mapped copy of the ntdll file, patches ETW, and triggers shellcode via process hollowing.
bypass dll-unhooking edr etw process-hollowing shellcode
Last synced: 16 Oct 2024
https://github.com/kara-4search/fulldllunhooking_csharp
Unhook a DLL by cleaning (restoring) its .text section.
apiunhook bypass bypass- bypass-antivirus bypass-av bypassedr charp csharp edr edr-evasion ntdll redteam unhooking
Last synced: 10 Nov 2024
https://github.com/shadawck/awesome-endpoint-detection-and-response
Collection of tools you need to have in your Endpoint Detection and Response arsenal.
awesome awesome-list edr endpoint endpoint-protection endpoint-security incident-response
Last synced: 15 Nov 2024
https://github.com/starkdmi/brightxdr
Free and Open Source alternative to Vivid macOS application to extend Apple XDR display brightness from 500 up to 1600 nits.
apple brightness display edr hdr lunar macbook-pro macos swift swiftui vivid xdr
Last synced: 08 Nov 2024
https://github.com/tarsal-oss/kflowd
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
co-re detection dlp dns dpi ebpf edr filesystem http monitoring netflow siem syslog tcp udp virus vulnerability xdr
Last synced: 12 Oct 2024
https://github.com/kara-4search/hookdetection_csharp
HookDetection
csharp edr hook-functions hookdetect pentest redteam redteam-tools windows-defender
Last synced: 10 Nov 2024
https://github.com/yardenshafir/conference_talks
Slides from various conference talks
conference-talk edr exploitation mitigation windows windows-internals
Last synced: 16 Nov 2024
https://github.com/nasbench/sedr-internals
Symantec EDR Internals
detection edr endpoint endpoint-detection-response internals sedr symantec windows
Last synced: 28 Oct 2024
https://github.com/kara-4search/earlybirdinjection_csharp
Inject shellcode into a process via the "EarlyBird" technique.
apc bypass csharp earlybird edr injection process-injection redteam shellcode
Last synced: 10 Nov 2024
https://github.com/kara-4search/apc_shellcodeexecution_csharp
Shellcode loading or execution via the "APC technique".
bypass csharp edr hacking injection pentest redteam shellcode-injection shellcode-loader
Last synced: 10 Nov 2024
https://github.com/samerde/get-riskyprocesses
Checks running processes against a list of potentially "risky" ones that should not be spawned by certain parent processes. If any are found, the results could indicate abnormal behavior.
edr exchange-server hacktoberfest iis infosectools powershell windows
Last synced: 11 Oct 2024
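The parent/child check that get-riskyprocesses describes, written out as a small Python example added here for illustration; it is not the project's own code. It goes one step further than a direct parent match by walking the ancestry a few levels, so that w3wp.exe -> cmd.exe -> powershell.exe is still attributed to the IIS worker. The process snapshot, the set of risky children, the set of sensitive parents and the depth limit are all assumptions made for the example.

```python
"""Flag interpreters and LOLBins running under parents that should never spawn
them (e.g. cmd.exe under the IIS worker w3wp.exe), walking up the ancestry so
an intermediate shell does not hide the relationship."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    cmdline: str = ""


# Assumed lists for this example, not the tool's own: children that are rarely
# legitimate under the parents below, and parents (web/mail/office/DB workers)
# that should not be spawning shells.
RISKY_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe", "rundll32.exe", "certutil.exe"}
SENSITIVE_PARENTS = {"w3wp.exe", "winword.exe", "excel.exe", "outlook.exe",
                     "sqlservr.exe"}
MAX_DEPTH = 3  # how many ancestors to inspect (catches cmd.exe -> powershell.exe chains)


def find_risky(procs, max_depth=MAX_DEPTH):
    """Return one finding per risky child whose ancestry (up to max_depth
    levels) contains a sensitive parent. Orphans (parent already exited) and
    pid-reuse cycles are skipped rather than walked forever."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for proc in procs:
        if proc.name.lower() not in RISKY_CHILDREN:
            continue
        seen = {proc.pid}
        cur, depth = proc, 0
        while depth < max_depth:
            parent = by_pid.get(cur.ppid)
            if parent is None or parent.pid in seen:
                break  # orphaned child, or a reused pid that makes the chain loop
            depth += 1
            seen.add(parent.pid)
            if parent.name.lower() in SENSITIVE_PARENTS:
                findings.append({
                    "pid": proc.pid, "child": proc.name, "cmdline": proc.cmdline,
                    "parent": parent.name, "parent_pid": parent.pid,
                    "depth": depth,
                })
                break
            cur = parent
    return findings


# Constructed process snapshot (not real telemetry). The w3wp.exe -> cmd.exe ->
# powershell.exe chain is the webshell pattern the tool's IIS/Exchange tags point at.
SAMPLE_PROCS = [
    Proc(4, 0, "System"),
    Proc(600, 4, "services.exe"),
    Proc(3200, 600, "w3wp.exe", "w3wp.exe -ap DefaultAppPool"),
    Proc(4100, 3200, "cmd.exe", "cmd.exe /c whoami"),
    Proc(4200, 4100, "powershell.exe", "powershell -nop -w hidden"),
    Proc(2200, 1000, "explorer.exe"),                   # parent 1000 is not in the snapshot
    Proc(2300, 2200, "powershell.exe", "powershell"),   # interactive shell, benign here
    Proc(5000, 9999, "rundll32.exe"),                   # orphan: parent already exited
    Proc(7000, 7100, "cmd.exe"),                        # pid reuse turns these two into a cycle
    Proc(7100, 7000, "conhost.exe"),
]


if __name__ == "__main__":
    for f in find_risky(SAMPLE_PROCS):
        print(f"pid {f['pid']} {f['child']} under {f['parent']} "
              f"(pid {f['parent_pid']}, depth {f['depth']}): {f['cmdline']}")
```

On a live Windows host the snapshot would come from Get-CimInstance Win32_Process (ProcessId, ParentProcessId, Name, CommandLine); ParentProcessId can point at a pid that has since been reused, which is why the walk keeps a visited set instead of trusting the chain.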
https://github.com/kara-4search/addressofentrypoint_hijack_csharp
Shellcode injection or execution via AddressOfEntryPoint hijacking.
addressofentrypointhijack csharp edr evasion redteam shellcode-execute shellcode-injection shellcode-loader
Last synced: 10 Nov 2024
https://github.com/whots/rosaryac-rs
Experimental usermode-based EDR system PoC written in Rust (WIP).
anticheats edr gamecheats rust rust-lang security security-tools threat-hunting threat-intelligence windows
Last synced: 07 Nov 2024
https://github.com/roguecybersecuritychannel/vulnerable-driver-scanner
A script that web-scrapes multiple pages for known vulnerable Windows drivers, SHA-256 hashes all system drivers, and looks for matching driver names and SHA-256 hashes.
antivirus blueteam blueteam-tools blueteaming-tools checker cyber-security cybersecurity cybersecurity-education cybersecurity-tools driver drivers edr python scanner vulenrability vulnerable windows windows-10 windows-11 windowsdriver
Last synced: 14 Nov 2024
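The hash-and-name matching step of vulnerable-driver-scanner, as an added Python example that is not the project's code. It separates the two signals the description mentions: a SHA-256 hit identifies a specific known-vulnerable build, while a name hit alone only says a file shares its name with one and needs review. The deny-lists, the fake driver bytes and the temporary directory are constructed for the example; the scraping of the upstream driver lists is left out.

```python
"""Hash every *.sys in a directory and match against a deny-list of known
vulnerable drivers by SHA-256 (definitive) and by file name (weaker: a patched
or unrelated driver can share the name)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large drivers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_drivers(driver_dir, bad_hashes, bad_names):
    """Return a finding per driver that matches the deny-lists.

    severity 'high'   : SHA-256 matches a known vulnerable build
    severity 'medium' : only the file name matches (needs manual review)
    """
    bad_hashes = {h.lower() for h in bad_hashes}
    bad_names = {n.lower() for n in bad_names}
    findings = []
    for path in sorted(Path(driver_dir).iterdir()):
        if not path.is_file() or path.suffix.lower() != ".sys":
            continue
        digest = sha256_file(path)
        hash_hit = digest in bad_hashes
        name_hit = path.name.lower() in bad_names
        if not (hash_hit or name_hit):
            continue
        findings.append({
            "file": path.name,
            "sha256": digest,
            "severity": "high" if hash_hit else "medium",
            "matched_on": [k for k, hit in (("hash", hash_hit), ("name", name_hit)) if hit],
        })
    return findings


# Constructed demo: fake "drivers" in a temp directory. On a real host you would
# point scan_drivers at C:\Windows\System32\drivers and fill the deny-lists from
# a published feed of known vulnerable drivers instead of these made-up values.
VULN_IMAGE = b"constructed bytes standing in for a known vulnerable driver build"
BAD_HASHES = {hashlib.sha256(VULN_IMAGE).hexdigest()}
BAD_NAMES = {"legacy.sys"}


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "badone.sys").write_bytes(VULN_IMAGE)
        Path(tmp, "clean.sys").write_bytes(b"constructed benign driver bytes")
        Path(tmp, "legacy.sys").write_bytes(b"same name as a vulnerable driver, different build")
        Path(tmp, "readme.txt").write_bytes(b"ignored: not a .sys file")
        return scan_drivers(tmp, BAD_HASHES, BAD_NAMES)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f['severity']}] {f['file']} {f['sha256']} matched on {f['matched_on']}")
```

A name-only match on a current, signed driver is common (vendors ship fixed builds under the same file name), so treating it as a review item rather than an alert keeps the scanner's false-positive rate tolerable.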
https://github.com/roguecybersecuritychannel/malicious-ip-detector
A script that checks for active connections to known malicious foreign IP addresses.
antivirus blueteam-tools blueteaming-tools bluteam cybersecurity edr ip malicious-ip-detection malicious-url-detection soc soc-analyst windows-10 windows-11
Last synced: 11 Oct 2024
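The connection check that malicious-ip-detector describes, as an added Python example that is not the project's code. It parses netstat -ano style output, skips internal peers and matches remote addresses against a blocklist that may contain single IPs or CIDR ranges, for IPv4 and IPv6 alike. The netstat lines and the blocklist entries are constructed (documentation address ranges) and stand in for real output and a real threat feed.

```python
"""Parse `netstat -ano`-style output and flag connections whose remote address
falls in a blocklist of IPs/CIDRs, skipping private, loopback and link-local
peers so internal traffic does not mask the real hits."""
import ipaddress

# Explicit internal ranges. ipaddress's is_private also treats the RFC 5737 /
# RFC 3849 documentation ranges used in the sample below as non-public, which
# would silently hide them, so the example lists what it skips.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(ip):
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)


def split_endpoint(endpoint):
    """'203.0.113.7:443' -> ('203.0.113.7', 443); '[2001:db8::10]:443' likewise.
    Returns None for wildcard or unparsable endpoints such as '*:*'."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or host in ("*", "0.0.0.0", "[::]"):
        return None
    host = host.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and zone id
    try:
        return str(ipaddress.ip_address(host)), int(port)
    except ValueError:
        return None


def parse_netstat(text):
    """Yield (proto, remote_ip, remote_port, pid) per connection line.
    UDP lines have no State column, so the pid is always taken from the end."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        remote = split_endpoint(parts[2])
        if remote is None:
            continue
        yield parts[0], remote[0], remote[1], int(parts[-1])


def check_connections(netstat_text, blocklist):
    """Return the connections whose remote address is inside any blocklist entry."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    findings = []
    for proto, ip_str, port, pid in parse_netstat(netstat_text):
        ip = ipaddress.ip_address(ip_str)
        if is_internal(ip):
            continue
        for net in nets:
            if ip.version == net.version and ip in net:
                findings.append({"proto": proto, "remote_ip": ip_str,
                                 "remote_port": port, "pid": pid, "matched": str(net)})
                break
    return findings


# Constructed sample output in the `netstat -ano` layout; not a real capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:51234         203.0.113.7:443        ESTABLISHED     4120
  TCP    10.0.0.5:51240         198.51.100.22:8080     ESTABLISHED     2210
  TCP    10.0.0.5:445           10.0.0.9:49812         ESTABLISHED     4
  TCP    127.0.0.1:9000         127.0.0.1:51000        ESTABLISHED     800
  TCP    [fe80::1%12]:49700     [2001:db8::10]:443     ESTABLISHED     3300
  UDP    0.0.0.0:5353           *:*                                    1044
"""
# Constructed blocklist (documentation ranges), standing in for a threat feed.
BLOCKLIST = ["203.0.113.0/24", "2001:db8::10"]


if __name__ == "__main__":
    for f in check_connections(SAMPLE_NETSTAT, BLOCKLIST):
        print(f"pid {f['pid']} {f['proto']} -> {f['remote_ip']}:{f['remote_port']} "
              f"(blocklist entry {f['matched']})")
```

The pid is the pivot a responder wants next: on Windows, Get-Process -Id on the flagged pid gives the image path to hash and check, which is the same handoff the driver scanner and process checker above make.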
https://github.com/0xflux/sanctum
Sanctum is a proof-of-concept EDR-like tool, designed to detect modern malware techniques beyond the capabilities of antivirus. Built in Rust.
antivirus antivirus-software blue-team cyber-security driver edr kernel-driver malware-analysis malware-research red-team rust rust-driver rust-edr rust-windows rust-windows-driver tauri tauri-app windows-driver windows-rust
Last synced: 05 Nov 2024
https://github.com/roguecybersecuritychannel/pycanary-python-canary-token-alternative
PyCanary: a command-line tool that monitors any directory for file access or file changes, logs the event, sends a basic alert to the user, and dumps and processes the information collected. A background thread also monitors all created processes and logs them for later analysis.
antivirus blueteam blueteam-tools blueteaming blueteaming-tools canary canary-tokens cyber-security cybersecurity edr huristic logging multithreading process-monitor python threat-hunting windows-10 windows-11
Last synced: 10 Oct 2024
https://github.com/thecyberarcher/soc-ressources
Repository for SOC analysts: queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOCs and monitoring.
cyberdefense cybersecurity edr siem soc socanalyst threathunting
Last synced: 25 Nov 2024
https://github.com/pahaz/open-node-js-edr
Secure, single-file, easy-to-understand-and-install, zero-dependency, cross-platform Endpoint Detection & Response security tool.
cross-platform edr endpoint-protection endpoint-security open-source reverse-shell security
Last synced: 03 Dec 2024
https://github.com/0xflux/rust-apc-queue-injection
APC Queue Injection EDR Evasion in Rust
edr edr-bypass edr-evasion ethical-hacking hacking malware malware-analysis malware-detection malware-development malware-research pentesting redteam redteam-tools redteaming rust
Last synced: 20 Nov 2024
https://github.com/luis261/symantec-cloud-edr-xsoar-integration
Cortex XSOAR Integration for the SES EDR API at https://api.sep.securitycloud.symantec.com
edr endpoint-security python3 security-automation symantec xsoar
Last synced: 24 Oct 2024
https://github.com/chewitt/fidelis-tasks
Response Task (Script) Packages for Fidelis Endpoint (EDR)
Last synced: 02 Dec 2024
https://github.com/scrymastic/edr-server
An EDR server designed to monitor, detect, and respond to threats on network endpoints.
cybersecurity django edr sigma threat-detection
Last synced: 09 Nov 2024
https://github.com/remusdbd/detecting-voldemort-malware
YARA signature / YARA rule for detecting Voldemort malware.
cuckoo edr malware security-onion soar splunk threat-hunting voldemort voldemort-malware yara yara-rule
Last synced: 07 Dec 2024
https://github.com/scrymastic/edr-agent
A tool for monitoring system events and sending relevant information to the EDR server for further analysis and response.
cpp17 edr logs monitoring sysmon windows
Last synced: 19 Nov 2024
https://github.com/0xflux/etw-bypass-rust
Event Tracing for Windows EDR bypass in Rust
edr edr-bypass edr-evasion ethical-hacking ethical-hacking-tools etw etw-bypass etw-evasion hacking malware malware-research pentest pentest-tool pentesting red-team redteam redteam-tools redteaming rust
Last synced: 20 Nov 2024