BlackSnufkin / Invoke-DumpMDEConfig
PowerShell script to dump Microsoft Defender config, protection history and Exploit Guard protection history (no admin privileges required)
☆147 · Updated 10 months ago
Alternatives and similar repositories for Invoke-DumpMDEConfig:
Users interested in Invoke-DumpMDEConfig are comparing it to the repositories listed below:
- Continuous password spraying tool ☆181 · Updated last month
- A Rust implementation of Internal-Monologue: retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and … ☆161 · Updated 4 months ago
- A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts ☆145 · Updated last week
- Python implementation of GhostPack's Seatbelt situational awareness tool ☆257 · Updated 5 months ago
- Comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆198 · Updated 10 months ago
- Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets. It uses RC4 encryption and Reed-Sol… ☆90 · Updated 2 weeks ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆151 · Updated 11 months ago
- NukeAMSI is a powerful tool designed to neutralize the Antimalware Scan Interface (AMSI) in Windows environments. ☆152 · Updated 3 months ago
- Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data ☆101 · Updated this week
- Our Tips & Tricks ☆115 · Updated 2 months ago
- Azure Post Exploitation Framework ☆197 · Updated last month
- Inject RDPThief into memory with PowerShell. ☆62 · Updated 3 months ago
- Tool designed to find folder exclusions in Windows Defender using the command-line utility MpCmdRun.exe as a low-privileged user, without … ☆193 · Updated 6 months ago
- Weaponizing DCOM for NTLM Authentication Coercions ☆206 · Updated 2 weeks ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆146 · Updated 11 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts. ☆197 · Updated 2 months ago
- C2 Infrastructure Automation ☆98 · Updated last month
- Interactive shell and command execution over named pipes (SMB) for fileless lateral movement ☆163 · Updated 4 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆198 · Updated 6 months ago
- Null-AMSI is an AMSI and ETW bypass that takes advantage of .NET types (.NET Reflection) to bypass AV/EDR. ☆52 · Updated 2 weeks ago
- RunAs Utility Credential Stealer implementing 3 techniques: hooking CreateProcessWithLogonW, smart keylogging, remote debugging ☆183 · Updated last month
- ShadowPhish is an advanced APT awareness toolkit designed to simulate real-world phishing, malware delivery, deepfakes, smishing/vishing,… ☆92 · Updated last week
- Just another C2 redirector using Cloudflare. Supports multiple C2s and multiple domains. Supports a websocket listener. ☆155 · Updated last month
- Snaffler reimplementation in Python - https://github.com/SnaffCon/Snaffler ☆100 · Updated 5 months ago
- Two in one: patch-lifetime PowerShell console, no more ETW and AMSI! ☆88 · Updated this week
- RedInfraCraft automates the deployment of powerful red team infrastructures! It streamlines the setup of C2s, makes it easy to create adv… ☆139 · Updated 3 weeks ago