Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

This map lists the essential techniques to bypass anti-virus and EDR

Adversary tradecraft detection, protection, and hunting

An Active Defense and EDR software to empower Blue Teams

iMonitor（冰镜 - 终端行为分析系统）

Open Source EDR for Windows

Enumerate and disable common sources of telemetry used by AV/EDR.

Evasive shellcode loader for bypassing event-based injection detection (PoC)

Little user-mode AV/EDR evasion lab for training & learning purposes

Awesome EDR Bypass Resources For Ethical Hacking

Carbon Black API - Python language bindings

The world's most powerful System Activity Monitor Engine · 一款功能强大的终端行为采集防御开发套件 ~ 旨在帮助EDR、零信任、数据安全、审计管控等终端安全软件可以快速实现产品功能， 而不用关心底层驱动的开发、维护和兼容性问题，让其可以专注于业务开发

Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

a tool to help operate in EDRs' blind spots

Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)

戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑

Security product hook detection

PoC memory injection detection agent based on ETW, for offensive and defensive research purposes

Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs