KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender which is based on research by Gabriel Landau. The article can be found here.
The main features of cerbersec/killdefenderbof are: Defense Evasion.
Open-source alternatives to cerbersec/killdefenderbof include:
lolbas-project/lolbas — LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security…
aptortellini/undefender — unDefender is the C++ implementation of a technique originally described by @jonasLyk in this Twitter thread. At its…
bats3c/darkloadlibrary — LoadLibrary for offensive operations.
bats3c/evtmute — This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event…
ccob/sharpblock.
api0cradle/ultimateapplockerbypasslist — The goal of this repository is to document the most common techniques to bypass AppLocker.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
unDefender is the C++ implementation of a technique originally described by @jonasLyk in this Twitter thread. At its core, this technique revolves around changing the \Device\BootDevice symbolic link in the Windows Object Manager so that when Defender's WdFilter driver is unloaded and loaded…