iMonitor (Ice Mirror) Endpoint Behavior Analysis System: the world's most powerful System Activity Monitor Engine
Updated Dec 16, 2025 - C++
🔄 Redirect EDR's working folder using a mini filter to enhance your control and undermine detection capabilities effectively.
🚀 Suspend EDR and antivirus processes easily with EDR-Freeze, a user-mode tool that bypasses complex driver vulnerabilities on Windows.
Windows Kernel Based EDR Agent in VateX Evidentia EDR
Greathelm is a modular Windows security service focused on process inspection, PowerShell telemetry, and automated response enforcement. It's built entirely in C++ and designed for minimal dependencies and direct API usage.
Kernel callback removal (bypassing EDR detections)
EDR Lab for Experimentation Purposes
A generic detection engine (.lib) for Windows which uses downloadable custom rulesets to detect & block processes. Can be used in anti-virus, anti-cheat, anti-crypto mining, etc.
Hades HIDS/HIPS for Windows
PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.
The world's most powerful System Activity Monitor Engine · A powerful endpoint behavior collection and defense development kit, intended to help endpoint security software (EDR, zero trust, data security, audit and control) implement product features quickly without having to deal with the development, maintenance, and compatibility of the underlying driver, so that vendors can focus on their own business logic
Misery Loader to bypass modern EDR solutions
iMonitor (Ice Mirror - Endpoint Behavior Analysis System)
This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW, and trigger shellcode via process hollowing
Repository to publish your evasion techniques and contribute to the project
An Active Defense and EDR software to empower Blue Teams