awesome-edr-bypass
github.com/tkmru/awesome-edr-bypass
Awesome EDR Bypass Resources For Ethical Hacking
GitHub Stars: 1.5k
Curated Resources: 71
Categories: 7
Last Refreshed: 5 hours ago
What's inside
PoC
- am0nsec/HellsGate: Original C Implementation of the Hell's Gate VX Technique
- BYOSI: Bypass EDR by bringing your own script interpreter
- Maldev-Academy/HellHall: Performing Indirect Clean Syscalls
- Mr-Un1k0d3r/RedTeamCCode: Red Team C code repo
- op7ic/EDR-Testing-Script: Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
- Polydrop: Expanded BYOSI attack, leverages 12 additional languages.
Blog
- An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors
- A tale of EDR bypass methods | S3cur3Th1sSh1t
- Attacking an EDR - Part 1
- Attacking an EDR - Part 2
- Blinding EDR On Windows | synzack
- Blindside: A New Technique for EDR Evasion with Hardware Breakpoints - Cymulate
Workshop
Presentation
- code repository for this Presentation
- Develop Your Own Rat
- Dirty Vanity: A New Approach to Code Injection & EDR Bypass - Black Hat Europe 2022
- EDR Evasion Primer for Red Teamers - Karsten Nohl & Jorge Gimenez - Hack in the Box 2022 Singapore
- EDR Reloaded: Erase Data Remotely - Black Hat Asia 2024 | Briefings Schedule
- EvilEDR: Repurposing EDR as an Offensive Tool - USENIX Security 2025
Tool
- d1rkmtrr/dark-kill: A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess.
- georgesotiriadis/Chimera: Automated DLL Sideloading Tool With EDR Evasion Capabilities
- jthuraisamy/SysWhispers2: Direct system call generator to bypass userland API hooks
- klezVirus/inceptor: Template-Driven AV/EDR Evasion Framework
- klezVirus/SysWhispers3: Generate header/ASM files implants can use to make direct system calls
- myzxcg/RealBlindingEDR: Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
Book
- Evading EDR | No Starch Press
Other awesome series
Showing a sample of 71 resources. View the full list on GitHub →