edr

There are 154 repositories under edr topic.

  • BypassAV

    matro7sh/BypassAV

    This map lists the essential techniques to bypass anti-virus and EDR

    2.3k354261

  • bytedance/Elkeid

    Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

    Language:Go2.3k47280439

  • rabbitstack/fibratus

    Adversary tradecraft detection, protection, and hunting

    Language:Go2.2k7079190
  • BLUESPAWN

    ION28/BLUESPAWN

    An Active Defense and EDR software to empower Blue Teams

    Language:C++1.2k41239170

  • 0xrawsec/whids

    Open Source EDR for Windows

    Language:Go1.2k45130143

  • Xacone/BestEdrOfTheMarket

    Little user-mode AV/EDR evasion lab for training & learning purposes

    Language:C++999154110

  • tkmru/awesome-edr-bypass

    Awesome EDR Bypass Resources For Ethical Hacking

    93424197

  • jthuraisamy/TelemetrySourcerer

    Enumerate and disable common sources of telemetry used by AV/EDR.

    Language:C++769304123

  • xuanxuan0/DripLoader

    Evasive shellcode loader for bypassing event-based injection detection (PoC)

    Language:C++715152117

  • wecooperate/iMonitor

    iMonitor(冰镜 - 终端行为分析系统)

    Language:C++7131423155

  • naksyn/Pyramid

    a tool to help operate in EDRs' blind spots

    Language:Python653121076

  • RoomaSec/RmEye

    戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

    Language:Python47514268
  • ScareCrow-CobaltStrike

    GeorgePatsias/ScareCrow-CobaltStrike

    Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)

    Language:Python4578870
  • KQL

    LearningKijo/KQL

    Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

    44222278

  • SitinCloud/Owlyshield

    Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).

    Language:Rust390153024

  • wecooperate/iMonitorSDK

    The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发

    Language:Batchfile34311480

  • zeroperil/HookDump

    Security product hook detection

    Language:C++3109050

  • op7ic/EDR-Testing-Script

    Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

    Language:Batchfile28920178
  • BrightIntosh

    niklasr22/BrightIntosh

    Unlock the full brightness of the XDR display of your MacBook Pro

    Language:Swift28757820

  • NUL0x4C/KnownDllUnhook

    Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs

    Language:C2877037

  • kiding/wanna-see-a-whiter-white

    CSS trick/bug to display a brighter white by exploiting browsers' HDR capability and Apple's EDR system

    Language:HTML2768010

  • xuanxuan0/TiEtwAgent

    PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

    Language:C2538339

  • utmstack/UTMStack

    Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

    Language:Java219921126

  • ion-storm/sysmon-edr

    Sysmon EDR POC Build within Powershell to prove ability.

    Language:PowerShell21811127
  • MDEtester

    LearningKijo/MDEtester

    MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.

    Language:PowerShell1886223

  • reveng007/ReflectiveNtdll

    A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

    Language:C1654023

  • ProcessusT/Venoma

    Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution

    Language:C++1647431
  • ForensicMiner

    securityjoes/ForensicMiner

    A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.

    Language:PowerShell1486518

  • carbonblack/cbapi-python

    Carbon Black API - Python language bindings

    Language:Python1472815186

  • TH3xACE/EDR-Test

    Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].

    1464019

  • ars3n11/MineSweeper

    Windows user-land hooks manipulation tool.

    Language:C1397118

  • UncoderIO/Uncoder_IO

    An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

    Language:Python130131123

  • UncoderIO/Roota

    Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages

    116808

  • redcanaryco/redcanary-response-utils

    Tools to automate and/or expedite response.

    Language:Python11335736
  • WhiteBeam

    WhiteBeamSec/WhiteBeam

    WhiteBeam: Transparent endpoint security

    Language:Rust9682713

  • starkdmi/BrightXDR

    Free and Open Source alternative to Vivid macOS application to extend Apple XDR display brightness from 500 up to 1600 nits.

    Language:Swift931311