edr
There are 157 repositories under edr topic.
matro7sh/BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
bytedance/Elkeid
Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.
rabbitstack/fibratus
Adversary tradecraft detection, protection, and hunting
ION28/BLUESPAWN
An Active Defense and EDR software to empower Blue Teams
0xrawsec/whids
Open Source EDR for Windows
Xacone/BestEdrOfTheMarket
Little user-mode AV/EDR evasion lab for training & learning purposes
tkmru/awesome-edr-bypass
Awesome EDR Bypass Resources For Ethical Hacking
jthuraisamy/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
xuanxuan0/DripLoader
Evasive shellcode loader for bypassing event-based injection detection (PoC)
wecooperate/iMonitor
iMonitor(冰镜 - 终端行为分析系统)
naksyn/Pyramid
a tool to help operate in EDRs' blind spots
RoomaSec/RmEye
戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
GeorgePatsias/ScareCrow-CobaltStrike
Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)
LearningKijo/KQL
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
SitinCloud/Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
wecooperate/iMonitorSDK
The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发
zeroperil/HookDump
Security product hook detection
niklasr22/BrightIntosh
Unlock the full brightness of the XDR display of your MacBook Pro
kiding/wanna-see-a-whiter-white
CSS trick/bug to display a brighter white by exploiting browsers' HDR capability and Apple's EDR system
op7ic/EDR-Testing-Script
Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
NUL0x4C/KnownDllUnhook
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
xuanxuan0/TiEtwAgent
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
utmstack/UTMStack
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
ion-storm/sysmon-edr
Sysmon EDR POC Build within Powershell to prove ability.
LearningKijo/MDEtester
MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
reveng007/ReflectiveNtdll
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
ProcessusT/Venoma
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
securityjoes/ForensicMiner
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
carbonblack/cbapi-python
Carbon Black API - Python language bindings
TH3xACE/EDR-Test
Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].
ars3n11/MineSweeper
Windows user-land hooks manipulation tool.
UncoderIO/Uncoder_IO
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
UncoderIO/Roota
Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages
redcanaryco/redcanary-response-utils
Tools to automate and/or expedite response.
starkdmi/BrightXDR
Free and Open Source alternative to Vivid macOS application to extend Apple XDR display brightness from 500 up to 1600 nits.
WhiteBeamSec/WhiteBeam
WhiteBeam: Transparent endpoint security