MalwareTech/EDRception MalwareTech/EDRception

  • Stars
    star
    142
  • Rank 250,532 (Top 6 %)
  • Language
    C++
  • Created 5 months ago
  • Updated 5 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
MalwareTech/EDRception
github

MalwareTech

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.

More Repositories

1

EDR-Preloader

An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
C++
304
star
2

TrickBot-Toolkit

A collection of tools for dealing with TrickBot
Python
195
star
3

ZombifyProcess

Inject code into a legitimate process
C++
140
star
4

TinyXPB

Windows XP 32-Bit Bootkit
C
138
star
5

AppContainerSandbox

An example sandbox using AppContainer (Windows 8+)
C++
125
star
6

CreateDesktop

Example application for creating multiple desktops on Windows
C++
125
star
7

FakeMBR

TDL4 style rootkit to spoof read/write requests to master boot record
C++
122
star
8

CitrixHoneypot

Detect and log CVE-2019-19781 scan and exploitation attempts.
HTML
114
star
9

Log4jTools

Tools for investigating Log4j CVE-2021-44228
Python
96
star
10

BasicHook

x86 Inline hooking engine (using trampolines)
C
91
star
11

HiddenDesktop

Create and enumerate hidden desktops.
C
80
star
12

RDGScanner

A proof-of-concept scanner to check an RDG Gateway Server for vulnerabilities CVE-2020-0609 & CVE-2020-0610.
Python
72
star
13

FstHook

A library for intercepting native functions by hooking KiFastSystemCall
C++
68
star
14

UACElevator

Passive UAC elevation using dll infection
C++
67
star
15

Beginner-Reversing-Challenges

https://www.malwaretech.com/beginner-malware-reversing-challenges
49
star
16

SpookySSLTools

Example tools for detecting software using OpenSSL 3.0.0 - 3.0.6 (vulnerable to latest unnamed vulnerability)
PowerShell
40
star
17

MSDIA-x64

Enable Microsoft PDB support in Ghidra without installing Visual Studio
Batchfile
39
star
18

FollinaExtractor

Extract payload URLs from Follina (CVE-2022-30190) docx and rtf files
Python
31
star
19

SimpleEpollServer

An example epoll imlementation with C++11
C++
28
star
20

NeutrinoBotHack

SQL injection in Neutrino panel
Python
8
star
21

PhaseHack

Phase C&C Blind SQL Injection
Python
8
star
22

PhaseDump

Python tool for decrypting W32/Phase modules
Python
5
star