0xBugatti/myAwesome
September 11, 2025 at 2:07:55 PM UTC * - permalink -

- https://github.com/0xBugatti/myAwesome

Attacking an EDR - Part 1
March 7, 2024 at 4:55:27 PM UTC - permalink -

- https://riccardoancarani.github.io/2023-08-03-attacking-an-edr-part-1/

klezVirus.github.io/RedTeaming/AV_Evasion at master · klezVirus/klezVirus.github.io · GitHub
June 22, 2023 at 8:49:02 AM UTC * - permalink -

- https://github.com/klezVirus/klezVirus.github.io/tree/master/RedTeaming/AV_Evasion

hexacorn.com/d/DeXRAY.pl
May 17, 2023 at 5:56:25 PM UTC * - permalink -

- https://hexacorn.com/d/DeXRAY.pl

D1rkMtr/FilelessNtdllReflection: Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported API from the export table
January 19, 2023 at 1:05:16 PM UTC * - permalink -

- https://github.com/D1rkMtr/FilelessNtdllReflection

med0x2e/SigFlip: SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
October 26, 2022 at 3:09:17 PM UTC - permalink -

- https://github.com/med0x2e/SigFlip

A Guide to Reversing and Evading EDRs: Part 3 - @Jackson_T
October 26, 2022 at 2:53:37 PM UTC * - permalink -

- https://jackson_t.gitlab.io/edr-reversing-evading-03.html

naksyn/Pyramid: a tool to help operate in EDRs' blind spots
October 3, 2022 at 12:38:08 PM UTC - permalink -

- https://github.com/naksyn/Pyramid

FourCoreLabs/EDRHunt: Scan installed EDRs and AVs on Windows
September 27, 2022 at 9:00:47 AM UTC - permalink -

- https://github.com/FourCoreLabs/EDRHunt

ethereal-vx/Antivirus-Artifacts: Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
June 21, 2022 at 9:32:19 AM UTC - permalink -

- https://github.com/ethereal-vx/Antivirus-Artifacts

Antivirus evasion by user mode unhooking on Windows 10 - report.pdf
February 7, 2022 at 9:18:11 PM UTC - permalink -

- https://cdn.discordapp.com/attachments/633989923459956776/940267352157741076/report.pdf

Yaxser/Backstab: A tool to kill antimalware protected processes
January 12, 2022 at 12:01:12 PM UTC - permalink -

- https://github.com/Yaxser/Backstab

Evading EDR in 15 Minutes with ScareCrow
November 20, 2021 at 11:26:14 PM UTC - permalink -

- https://adamsvoboda.net/evading-edr-with-scarecrow/

Aetsu/OffensivePipeline: OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
November 19, 2021 at 7:32:38 PM UTC - permalink -

- https://github.com/Aetsu/OffensivePipeline

Tylous/Limelighter: A tool for generating fake code signing certificates or signing real ones
October 20, 2021 at 11:08:43 AM UTC - permalink -

- https://github.com/Tylous/Limelighter

FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking - MDSec
June 30, 2021 at 12:59:52 PM UTC - permalink -

- https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/

PE Parsing and Defeating AV/EDR API Hooks in C++ - SolomonSklash.io
June 30, 2021 at 12:30:28 PM UTC - permalink -

- https://www.solomonsklash.io/pe-parsing-defeating-hooking.html

Company IPs
March 23, 2021 at 7:05:49 PM UTC - permalink -

- https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10

Mr-Un1k0d3r/RedTeamCCode: Red Team C code repo
February 17, 2021 at 2:41:30 PM UTC - permalink -

- https://github.com/Mr-Un1k0d3r/RedTeamCCode

A tale of EDR bypass methods | S3cur3Th1sSh1t
February 2, 2021 at 12:58:33 PM UTC - permalink -

- https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/