Alternatives and similar repositories for PrefetchFileParser

Users that are interested in PrefetchFileParser are comparing it to the libraries listed below

• codewhitesec / SysmonEnte
  ☆78Updated 3 years ago
• OtterHacker / Hooker
  ☆108Updated last year
• ph3n1x007 / EarlyBirdNTDLL
  ☆37Updated 2 years ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆65Updated 2 years ago
• yo-yo-yo-jbo / commandline_spoofing
  Commandline spoofing on Windows
  ☆92Updated 2 months ago
• 0xTriboulet / emerald_template
  A cmake template for crystal palace
  ☆38Updated last month
• gatariee / ldrgen
  Template-based generation of shellcode loaders
  ☆80Updated last year
• SafeBreach-Labs / CortexVortex
  ☆80Updated last year
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆84Updated last year
• whokilleddb / sinister-vsix
  Blog/Journal on how to backdoor VSCode extensions
  ☆76Updated 6 months ago
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆76Updated 2 years ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆49Updated 3 years ago
• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆46Updated 2 years ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆75Updated 3 months ago
• zero2504 / FrostLock-Injection
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆42Updated 10 months ago
• joe-desimone / rep-research
  ☆79Updated last year
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆41Updated 2 years ago
• tijme / conferences
  Some of the presentations, workshops, and labs I gave at public conferences.
  ☆34Updated 3 months ago
• 0xRedpoll / SignalKeyBOF
  BOF to decrypt Signal Desktop chat logs
  ☆72Updated 11 months ago
• HullaBrian / COMmander
  .NET tool used to enrich RPC telemetry
  ☆101Updated 2 weeks ago
• SafeBreach-Labs / RPC-Racer
  Toolset to manipulate RPC clients by finding delayed services and masquerading as them
  ☆106Updated 5 months ago
• iamagarre / BadExclusionsNWBO
  BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
  ☆75Updated last year
• NUL0x4C / HookingLsassForCredentials
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61Updated 8 months ago
• WKL-Sec / slack-udc2
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆60Updated last month
• dmcxblue / NtCreateUserProcessBOF
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆30Updated last year
• synacktiv / keebcap
  Win32 keylogger that supports all (non-ime using) languages correctly
  ☆53Updated 2 years ago
• klezVirus / koppeling-p
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆78Updated last year
• pard0p / Self-Cleaning-PICO-Loader
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆48Updated 3 months ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆44Updated 2 years ago
• 0xTriboulet / rssh-rs
  ☆55Updated 8 months ago