3gstudent / ntfsDump

Related projects: ⓘ

• NUL0x4C / ApiHashing
  ☆100Updated this week
• waawaa / AMSI_Rubeus_bypass
  ☆61Updated 2 years ago
• eversinc33 / Godmode
  Tool for playing with Windows Access Token manipulation.
  ☆50Updated last year
• Hagrid29 / RemotePatcher
  Patch AMSI and ETW in remote process via direct syscall
  ☆78Updated 2 years ago
• zimnyaa / noWatch
  Implant drop-in for EDR testing
  ☆126Updated 10 months ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆66Updated last year
• reveng007 / CheckHooks-n-load
  ☆107Updated this week
• SpikySabra / Kernel-Cactus
  It's pointy and it hurts!
  ☆120Updated last year
• apokryptein / secinject
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆87Updated 2 years ago
• X-C3LL / SharpNTLMRawUnHide
  C# version of NTLMRawUnHide
  ☆71Updated last year
• joe-desimone / patriot
  ☆123Updated 2 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• rasta-mouse / PPEnum
  Simple BOF to read the protection level of a process
  ☆101Updated last year
• mansk1es / GhostFart
  ☆132Updated last year
• passthehashbrowns / BOFMask
  ☆105Updated last year
• RedTeamOperations / VEH-PoC
  ☆97Updated last year
• Cracked5pider / LsaParser
  ☆99Updated this week
• joe-desimone / rep-research
  ☆62Updated last month
• xalicex / LOLDrivers_finder
  ☆70Updated last year
• Octoberfest7 / JumpSession_BOF
  Beacon Object File allowing creation of Beacons in different sessions.
  ☆73Updated 2 years ago
• iamagarre / BadExclusionsNWBO
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆69Updated 7 months ago
• SecIdiot / TitanLdr
  ☆87Updated this week
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆82Updated last year
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆93Updated last year
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆120Updated last year
• xforcered / Detect-Hooks
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆94Updated 3 years ago
• Wh04m1001 / DiagTrackEoP
  ☆87Updated 2 years ago
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• codewhitesec / SysmonEnte
  ☆68Updated last year
• xpn / WAMBam
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆109Updated last year
• SecIdiot / minbeacon
  ☆68Updated this week