Overview of MS Defender
☆118Feb 20, 2026Updated last month
Alternatives and similar repositories for defender_overview
Users that are interested in defender_overview are comparing it to the libraries listed below
Sorting:
- PowerShell-based utility for mapping byte offsets to source code using hex and ASCII context for detection research and red team tooling.☆32Dec 31, 2025Updated 2 months ago
- BYOVD: Use 360 WFP driver to block EDR/XDR network connection.☆104Feb 10, 2026Updated last month
- takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities☆59Mar 1, 2026Updated 2 weeks ago
- ☆18Jun 4, 2025Updated 9 months ago
- ☆28Updated this week
- ☆37Nov 8, 2024Updated last year
- ASPX Web Shell with COFF Loader☆122Mar 10, 2026Updated last week
- GenZ Shellcode Generator to execute commands with winExec API☆22Apr 27, 2025Updated 10 months ago
- PIC shellcode (C/C++) development toolkit designed for malware developers.☆121Dec 23, 2025Updated 2 months ago
- An example of how a driver can register a handle creation callback.☆16Jun 12, 2023Updated 2 years ago
- Bring your own Unwind Data Framework☆77Updated this week
- The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver☆41Mar 13, 2026Updated last week
- A Rust template for writing Beacon Object Files (BOFs)☆113Feb 11, 2026Updated last month
- Convert your shellcode into an ASCII string☆127Jun 27, 2025Updated 8 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆91Jan 2, 2026Updated 2 months ago
- ☆37Feb 12, 2026Updated last month
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆65Jan 5, 2026Updated 2 months ago
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…☆103Jan 9, 2026Updated 2 months ago
- RunPE implementation with multiple evasive techniques (2)☆277Sep 25, 2025Updated 5 months ago
- Blog/Journal on how to backdoor VSCode extensions☆78Feb 24, 2026Updated 3 weeks ago
- Research into Undocumented Behavior of Azure AD Refresh Tokens☆13Oct 27, 2023Updated 2 years ago
- A stager and implant that executes remote Web Assembly☆37Feb 4, 2026Updated last month
- A python script that automates a C2 Profile build☆48Dec 14, 2025Updated 3 months ago
- A cmake template for crystal palace☆39Dec 20, 2025Updated 3 months ago
- PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads☆241Oct 30, 2025Updated 4 months ago
- Cobaltstrike UDRL with memory evasion☆15May 16, 2024Updated last year
- A hoontr must hoont☆106Nov 27, 2025Updated 3 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 10 months ago
- Manage and maintain Defender XDR custom collection configuration☆34Nov 19, 2025Updated 4 months ago
- Integer overflow in FreeType software, which also affects Chrome☆29Aug 27, 2025Updated 6 months ago
- ☆107Jan 4, 2023Updated 3 years ago
- Random Powershell scripts☆13Feb 13, 2024Updated 2 years ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Jan 10, 2026Updated 2 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆37Aug 5, 2025Updated 7 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 11 months ago
- ☆12Oct 24, 2022Updated 3 years ago
- ☆13Feb 10, 2022Updated 4 years ago
- EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming. The toolkit helps identify…☆125Feb 25, 2026Updated 3 weeks ago
- A BloodHound collector written in Go that discovers Linux and SSH attack paths. Outputs OpenGraph JSON and integrates with existing Sharp…☆71Feb 27, 2026Updated 3 weeks ago