776 links
Shared Bookmarks
page 1 / 2
31 results tagged edr
0xBugatti/myAwesome
September 11, 2025 at 2:07:55 PM UTC *
https://github.com/0xBugatti/myAwesome
av
edr
bypass
cetp
Attacking an EDR - Part 1
March 7, 2024 at 4:55:27 PM UTC
https://riccardoancarani.github.io/2023-08-03-attacking-an-edr-part-1/
red
team
edr
av
klezVirus.github.io/RedTeaming/AV_Evasion at master · klezVirus/klezVirus.github.io · GitHub
June 22, 2023 at 8:49:02 AM UTC *
https://github.com/klezVirus/klezVirus.github.io/tree/master/RedTeaming/AV_Evasion
av
edr
bypass
github
Understanding Telemetry: Kernel Callbacks | by Jonathan Johnson | Jun, 2023 | Posts By SpecterOps Team Members
June 13, 2023 at 9:06:57 AM UTC
https://posts.specterops.io/understanding-telemetry-kernel-callbacks-1a97cfcb8fb3
kernel
callbacks
callback
edr
EDR Telemetry Tracking for Windows - Google Sheets
June 5, 2023 at 12:44:48 PM UTC
https://docs.google.com/spreadsheets/d/1ZMFrD6F6tvPtf_8McC-kWrNBBec_6Si3NW6AoWf3Kbg/edit#gid=1993314609
edr
telemetry
agent
benchmark
D1rkMtr/FilelessNtdllReflection: Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported API from the export table
January 19, 2023 at 1:05:16 PM UTC *
https://github.com/D1rkMtr/FilelessNtdllReflection
edr
bypass
av
med0x2e/SigFlip: SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
October 26, 2022 at 3:09:17 PM UTC
https://github.com/med0x2e/SigFlip
av
signature
evasion
edr
A Guide to Reversing and Evading EDRs: Part 3 - @Jackson_T
October 26, 2022 at 2:53:37 PM UTC *
https://jackson_t.gitlab.io/edr-reversing-evading-03.html
reverse
edr
bypass
av
User-mode API hooks and bypasses — Improsec | improving security
October 6, 2022 at 3:48:20 PM UTC *
https://improsec.com/tech-blog/user-mode-api-hooks-and-bypasses
hook
edr
bypass
userland
naksyn/Pyramid: a tool to help operate in EDRs' blind spots
October 3, 2022 at 12:38:08 PM UTC
https://github.com/naksyn/Pyramid
edr
bypass
av
FourCoreLabs/EDRHunt: Scan installed EDRs and AVs on Windows
September 27, 2022 at 9:00:47 AM UTC
https://github.com/FourCoreLabs/EDRHunt
edr
av
hunt
check
install
zeroperil/HookDump: Security product hook detection
September 26, 2022 at 6:20:08 PM UTC
https://github.com/zeroperil/HookDump
edr
hooking
hook
ethereal-vx/Antivirus-Artifacts: Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
June 21, 2022 at 9:32:19 AM UTC
https://github.com/ethereal-vx/Antivirus-Artifacts
av
edr
bypass
artifact
hooking
Windows Kernel Ps Callbacks Experiments
April 20, 2022 at 4:33:55 PM UTC
https://web.archive.org/web/20200326040826/http://deniable.org/windows/windows-callbacks
windows
edr
kernel
callbacks
tuto
Bypassing Cortex XDR | mr.d0x
April 13, 2022 at 10:49:46 PM UTC
https://mrd0x.com/cortex-xdr-analysis-and-bypass/
cortex
edr
bypass
SomeStuff/Invoke-EDRCheck.ps1 at master · SadProcessor/SomeStuff
April 5, 2022 at 12:33:02 PM UTC
https://github.com/SadProcessor/SomeStuff/blob/master/Invoke-EDRCheck.ps1
edr
bypass
tool
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs - Red Teaming Experiments
https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6
March 14, 2022 at 5:57:35 PM UTC *
https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
windows
api
unhooking
edr
bypass
Yaxser/Backstab: A tool to kill antimalware protected processes
January 12, 2022 at 12:01:12 PM UTC
https://github.com/Yaxser/Backstab
av
bypass
edr
handle
pid
lsass
wavestone-cdt/EDRSandblast
December 7, 2021 at 5:11:49 PM UTC
https://github.com/wavestone-cdt/EDRSandblast
edr
bypass
wavestone
sandblast
Elastic
November 26, 2021 at 3:01:29 PM UTC
https://mitre-evals.kb.europe-west1.gcp.cloud.es.io:9243/login?next=%2F
benchmark
edr
mitre