• Stars: 304
• Rank: 132,135 (Top 3 %)
• Language: C++
• Created 3 months ago
• Updated 3 months ago


Repository Details

An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

More Repositories

1. TrickBot-Toolkit
   A collection of tools for dealing with TrickBot
   Python, 195 stars

2. EDRception
   A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
   C++, 142 stars

3. ZombifyProcess
   Inject code into a legitimate process
   C++, 140 stars

4. TinyXPB
   Windows XP 32-Bit Bootkit
   C, 138 stars

5. AppContainerSandbox
   An example sandbox using AppContainer (Windows 8+)
   C++, 125 stars

6. CreateDesktop
   Example application for creating multiple desktops on Windows
   C++, 125 stars

7. FakeMBR
   TDL4 style rootkit to spoof read/write requests to master boot record
   C++, 122 stars

8. CitrixHoneypot
   Detect and log CVE-2019-19781 scan and exploitation attempts.
   HTML, 114 stars

9. Log4jTools
   Tools for investigating Log4j CVE-2021-44228
   Python, 96 stars

10. BasicHook
    x86 Inline hooking engine (using trampolines)
    C, 91 stars

11. HiddenDesktop
    Create and enumerate hidden desktops.
    C, 80 stars

12. RDGScanner
    A proof-of-concept scanner to check an RDG Gateway Server for vulnerabilities CVE-2020-0609 & CVE-2020-0610.
    Python, 72 stars

13. FstHook
    A library for intercepting native functions by hooking KiFastSystemCall
    C++, 68 stars

14. UACElevator
    Passive UAC elevation using dll infection
    C++, 67 stars

15. Beginner-Reversing-Challenges
    https://www.malwaretech.com/beginner-malware-reversing-challenges
    49 stars

16. SpookySSLTools
    Example tools for detecting software using OpenSSL 3.0.0 - 3.0.6 (vulnerable to latest unnamed vulnerability)
    PowerShell, 40 stars

17. MSDIA-x64
    Enable Microsoft PDB support in Ghidra without installing Visual Studio
    Batchfile, 39 stars

18. FollinaExtractor
    Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files
    Python, 31 stars
19. SimpleEpollServer
    An example epoll implementation with C++11
    C++, 28 stars
20. NeutrinoBotHack
    SQL injection in Neutrino panel
    Python, 8 stars

21. PhaseHack
    Phase C&C Blind SQL Injection
    Python, 8 stars

22. PhaseDump
    Python tool for decrypting W32/Phase modules
    Python, 5 stars