soledge/blocketw: .NET 3.5 / 4.5 assembly to block ETW telemetry in the process it is loaded into.

The main features of soledge/blocketw are: Defense Evasion, EDR and Logging Evasion.
Open-source alternatives to soledge/blocketw include:

ccob/sharpblock
yaxser/backstab: Have these local admin credentials but the EDR is standing in the way? Unhooking or direct syscalls are not working…
bats3c/darkloadlibrary: LoadLibrary for offensive operations.
bats3c/evtmute: This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by Windows event logging.
getrektboy724/sharpunhooker: C# based universal API unhooker. Automatically unhooks API DLLs (ntdll.dll, kernel32.dll, advapi32.dll, and kernelbase.dll). SharpUnhooker helps you evade user-land monitoring done by AVs and/or EDRs by cleansing/refreshing the API DLLs loaded in the process (offensive side) or remove API…
lolbas-project/lolbas: LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security…