Windows APT Warfare, published by Packt
☆75Mar 11, 2023Updated 2 years ago
Alternatives and similar repositories for Windows-APT-Warfare
Users that are interested in Windows-APT-Warfare are comparing it to the libraries listed below
Sorting:
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- ☆17May 22, 2024Updated last year
- Home of https://redteam.guide☆15Sep 19, 2022Updated 3 years ago
- ☆12Oct 9, 2022Updated 3 years ago
- Hooked create process injection for meterpreter☆23Jun 16, 2021Updated 4 years ago
- Reflective DLL self-loading as a library☆21May 3, 2025Updated 10 months ago
- Cisco CallManager User Enumeration☆15Aug 16, 2022Updated 3 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆66Jul 7, 2022Updated 3 years ago
- ☆13Jan 12, 2022Updated 4 years ago
- Reports and POCs for CVE 2024-43570 and CVE-2024-43535☆29Jun 7, 2025Updated 9 months ago
- ☆34May 14, 2018Updated 7 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆93Dec 2, 2025Updated 3 months ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- Parse SDDL strings☆37Apr 1, 2024Updated last year
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆281Feb 24, 2025Updated last year
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Aug 11, 2023Updated 2 years ago
- This is a repo for small, useful scripts and extensions☆258Jun 1, 2023Updated 2 years ago
- Tools and PoCs for Windows syscall investigation.☆367Dec 2, 2025Updated 3 months ago
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆246Aug 2, 2023Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆87Apr 11, 2023Updated 2 years ago
- Full reversing of the Microsoft Auxiliary Windows API Library and ported to C☆24Dec 17, 2024Updated last year
- Now You See Me, Now You Don't☆1,027Jan 23, 2026Updated last month
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆675Dec 23, 2022Updated 3 years ago
- A small Python-Script to extract NetNTLMv2 Hashes from NTMLssp-HTTP-Authentications, which were captured in a pcap.☆25Mar 5, 2023Updated 3 years ago
- Simulate the behavior of AV/EDR for malware development training.☆564Feb 15, 2024Updated 2 years ago
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…☆394Jan 9, 2024Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- source code for the examples and topics from the book☆10Mar 11, 2019Updated 6 years ago
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows.☆11Aug 8, 2022Updated 3 years ago
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- NASM listing to shellcode converter☆14May 6, 2018Updated 7 years ago
- Slide deck for DEF CON 30 - Read Team Village - Offensive Wireless Security presentation☆13Aug 16, 2022Updated 3 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- Released alongside with a talk at REcon 2023, TheRestarter is an interactive command-line tool is designed to interact with the Windows …☆15Jun 8, 2023Updated 2 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆921Jul 20, 2024Updated last year