PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
-
Updated
Apr 10, 2021 - C
#
edr
Here are 11 public repositories matching this topic...
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
malware antivirus evasion bypass fiber dropper bypass-antivirus edr implant process-injection ntdll-unhooking systemfunction033
-
Updated
Feb 10, 2023 - C
EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Notify Routine callbacks, Object Callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.
-
Updated
Jan 24, 2024 - C
Transparently call NTAPI via Halo's Gate with indirect syscalls.
-
Updated
Apr 26, 2024 - C
PoC LKM to force run cleanup_module() on other LKMs
-
Updated
Apr 5, 2025 - C
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
dns http netflow monitoring tcp virus filesystem udp detection syslog dpi vulnerability xdr siem ebpf dlp edr co-re
-
Updated
Apr 10, 2025 - C
WFP Endpoint Protection Traffic Blocker
-
Updated
May 4, 2025 - C
eBPF-based runtime agent for Endpoint Detection and Response for Linux based operating systems.
-
Updated
Aug 19, 2025 - C
Improve this page
Add a description, image, and links to the edr topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the edr topic, visit your repo's landing page and select "manage topics."