edr

A modern tool for Windows kernel exploration and tracing with a focus on security

Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

This map lists the essential techniques to bypass anti-virus and EDR

An Active Defense and EDR software to empower Blue Teams

Open Source EDR for Windows

Enumerate and disable common sources of telemetry used by AV/EDR.

Evasive shellcode loader for bypassing event-based injection detection (PoC)

iMonitor（冰镜 - 终端行为分析系统）

Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)

a tool to help operate in EDRs' blind spots

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).

戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）

Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs

Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

CSS trick/bug to display a brighter white by exploiting browsers' HDR capability and Apple's EDR system

PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

Security product hook detection

Sysmon EDR POC Build within Powershell to prove ability.

Carbon Black API - Python language bindings