EDR Killer

GitHub - netero1010/EDRSilencer: A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.GitHub

GitHub - Helixo32/NimBlackout: Kill AV/EDR leveraging BYOVD attackGitHub

GitHub - myzxcg/RealBlindingEDR: Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...GitHub

GitHub - logangoins/Krueger: Proof of Concept (PoC) .NET tool for remotely killing EDR with WDACGitHub

GitHub - cpu0x00/EternelSuspention: a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it uselessGitHub

GitHub - zer0condition/mhydeath: Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.GitHub

GitHub - rad9800/FileRenameJunctionsEDRDisableGitHub

GitHub - logangoins/Krueger: Proof of Concept (PoC) .NET tool for remotely killing EDR with WDACGitHub

MoveEdr

Permanently disable EDRs as local admin

GitHub - duhirsch/MoveEdr: Permanently disable EDRs as local adminGitHub

HRSword

HRSword: EDR KillerMedium

Run as admin

GitHub - MiroKaku/HRSword-Portable: https://www.huorong.cn/GitHub

BYOVD

GitHub - ph4nt0mbyt3/Darkside: C# AV/EDR Killer using less-known driver (BYOVD)GitHub

Physical Access

GitHub - lkarlslund/nifo: Nuke It From Orbit - remove AV/EDR with physical accessGitHub

Interesting Book

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems The author uses his years of experience as a red team operator to investigate each of the most common sensor components, discussing their purpose, explaining their implementation, and showing the ways they collect various data points from the Microsoft operating system. In addition to covering the theory behind designing an effective EDR, each chapter also reveals documented evasion strategies for bypassing EDRs that red teamers can use in their engagements.