EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.

TwoSevenOneT/EDRStartupHinder

EDRStartupHinder

EDRStartupHinder prevents Antivirus and EDR from running by redirecting a core DLL in the System32 folder to another location during Windows startup.

Command Line Syntax

EDRStartupHinder.exe <FakeLib> <OriginalLib> <EDRProcess> <ServiceName> <ServiceGroup>

EDRStartupHinder.exe <VirtualPath>

To remove a link that was previously created

Links

EDRStartupHinder: EDR Startup Process Blocker

Demo Video

Youtube EDR-Redir V2: https://youtu.be/mSywzuGsirU

Author:

Two Seven One Three

Tools For Security Researcher and Hacker

Essential hardware tools that every security researcher and hacker should have in their toolkit:

Essential Tools For Security Researcher and Hacker

READING

Some books you should read to sharpen your cybersecurity skills, especially in offensive security:

Books on Programming and Cybersecurity recommended by Zero Salarium Researchers
