PacktPublishing / Windows-APT-Warfare
Windows APT Warfare, published by Packt
☆66Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Windows-APT-Warfare
- ☆111Updated 2 years ago
- ☆73Updated last year
- ☆72Updated 6 months ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆49Updated last year
- ☆133Updated last year
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆108Updated last year
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆114Updated 5 months ago
- Finding secrets in kernel and user memory☆113Updated last year
- It's pointy and it hurts!☆122Updated 2 years ago
- ☆128Updated 2 years ago
- ☆40Updated last year
- ☆66Updated 3 months ago
- I have documented all of the AMSI patches that I learned till now☆68Updated last year
- Create Anti-Copy DRM Malware☆42Updated 2 months ago
- Experiment on reproducing Obfuscate & Sleep☆138Updated 3 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆159Updated last year
- Simple BOF to read the protection level of a process☆104Updated last year
- Piece of code to detect and remove hooks in IAT☆58Updated 2 years ago
- ☆82Updated 2 years ago
- ☆104Updated 9 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆95Updated 6 months ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆111Updated 2 months ago
- Malware?☆70Updated last month
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆86Updated 2 years ago
- Do some DLL SideLoading magic☆74Updated last year
- ☆105Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆120Updated last year
- ☆61Updated 2 years ago