edr

There are 213 repositories under edr topic.

  • BypassAV

    matro7sh/BypassAV

    This map lists the essential techniques to bypass anti-virus and EDR

    2.9k475327

  • bytedance/Elkeid

    Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

    Language:Go2.5k47284460

  • rabbitstack/fibratus

    Adversary tradecraft detection, protection, and hunting

    Language:Go2.4k6885200
  • BestEdrOfTheMarket

    Xacone/BestEdrOfTheMarket

    EDR Lab for Experimentation Purposes

    Language:C++1.3k188146
  • BLUESPAWN

    ION28/BLUESPAWN

    An Active Defense and EDR software to empower Blue Teams

    Language:C++1.3k41239171

  • tkmru/awesome-edr-bypass

    Awesome EDR Bypass Resources For Ethical Hacking

    1.3k281124

  • 0xrawsec/whids

    Open Source EDR for Windows

    Language:Go1.3k44130145

  • jthuraisamy/TelemetrySourcerer

    Enumerate and disable common sources of telemetry used by AV/EDR.

    Language:C++811314128

  • xuanxuan0/DripLoader

    Evasive shellcode loader for bypassing event-based injection detection (PoC)

    Language:C++807152127

  • wecooperate/iMonitor

    iMonitor(冰镜 - 终端行为分析系统)

    Language:C++7621425167

  • naksyn/Pyramid

    a tool to help operate in EDRs' blind spots

    Language:Python758131192

  • RoomaSec/RmEye

    戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

    Language:Python52315282
  • KQL

    LearningKijo/KQL

    Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

    48423285
  • ScareCrow-CobaltStrike

    GeorgePatsias/ScareCrow-CobaltStrike

    Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)

    Language:Python4647868

  • SitinCloud/Owlyshield

    Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).

    Language:Rust416163131
  • BrightIntosh

    niklasr22/BrightIntosh

    Unlock the full brightness of the XDR display of your MacBook Pro

    Language:Swift412510035

  • wecooperate/iMonitorSDK

    The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能, 而不用关心底层驱动的开发、维护和兼容性问题,让其可以专注于业务开发

    Language:C++36311487

  • 0xflux/Sanctum

    Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

    Language:Rust35635310

  • kiding/wanna-see-a-whiter-white

    CSS trick/bug to display a brighter white by exploiting browsers' HDR capability and Apple's EDR system

    Language:HTML3227010

  • zeroperil/HookDump

    Security product hook detection

    Language:C++3218051

  • op7ic/EDR-Testing-Script

    Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

    Language:Batchfile30919185

  • theSecHunter/Hades-Windows

    Hades HIDS/HIPS for Windows

    Language:C++2899296

  • xuanxuan0/TiEtwAgent

    PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

    Language:C2888344

  • ion-storm/sysmon-edr

    Sysmon EDR POC Build within Powershell to prove ability.

    Language:PowerShell22610127

  • ProcessusT/Venoma

    Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution

    Language:C++1959435
  • MDEtester

    LearningKijo/MDEtester

    MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.

    Language:PowerShell1916226

  • V-i-x-x/kernel-callback-removal

    kernel callback removal (Bypassing EDR Detections)

    Language:C++18934

  • msdirtbag/MDEAutomator

    PowerShell-based Automation of Defender for Endpoint

    Language:Python175

  • reveng007/ReflectiveNtdll

    A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

    Language:C1745024

  • UncoderIO/Uncoder_IO

    An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.

    Language:Python158121226
  • ForensicMiner

    securityjoes/ForensicMiner

    A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.

    Language:PowerShell1576520

  • TH3xACE/EDR-Test

    Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].

    1573020

  • starkdmi/BrightXDR

    Free and Open Source alternative to Vivid macOS application to extend Apple XDR display brightness from 500 up to 1600 nits.

    Language:Swift1542712

  • ars3n11/MineSweeper

    Windows user-land hooks manipulation tool.

    Language:C1457118

  • carbonblack/cbapi-python

    Carbon Black API - Python language bindings

    Language:Python1452715186

  • UncoderIO/Roota

    Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages

    128809