CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"
☆50Mar 2, 2022Updated 4 years ago
Alternatives and similar repositories for Detecting-Adversarial-Tradecrafts-Tools-by-leveraging-ETW
Users that are interested in Detecting-Adversarial-Tradecrafts-Tools-by-leveraging-ETW are comparing it to the libraries listed below
Sorting:
- ☆19Jul 9, 2022Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- SharpReg is a simple code set to interact with the Remote Registry service api and is compatible with Cobalt Strike.☆28Apr 12, 2020Updated 5 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- LoadLibrary for offensive operations☆33Dec 14, 2021Updated 4 years ago
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated 11 months ago
- ☆23May 28, 2021Updated 4 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆107Mar 8, 2023Updated 3 years ago
- use shellcode as asm function☆23Mar 29, 2022Updated 3 years ago
- ☆42Apr 22, 2021Updated 4 years ago
- Sniffing files generator☆62Feb 24, 2025Updated last year
- ☆776Oct 17, 2023Updated 2 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- Find world writable directories that contain a .exe or .dll file☆13Aug 31, 2021Updated 4 years ago
- A technique of hiding malicious shellcode via Shannon encoding.☆264Oct 23, 2022Updated 3 years ago
- ☆17Mar 6, 2023Updated 3 years ago
- POC tool to abuse windows server failover clusters☆55Aug 7, 2025Updated 7 months ago
- ☆113May 24, 2022Updated 3 years ago
- A repository that maps API calls to Sysmon Event ID's.☆121Nov 14, 2022Updated 3 years ago
- Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.☆22Oct 6, 2021Updated 4 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆21Nov 28, 2025Updated 3 months ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Create Cobalt Strike malleable C2 profiles with HTTPS configs☆18May 23, 2020Updated 5 years ago
- Research into COM☆19Jan 25, 2020Updated 6 years ago
- A nim port of C5pider's Ekko project.☆17Oct 1, 2022Updated 3 years ago
- A tool to analyze Ntds.dit files once the NTLM and LM hashes have been cracked.☆15May 13, 2021Updated 4 years ago
- A Windows tool that converts LDIF files to BloodHound CE☆27Dec 20, 2025Updated 2 months ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Nov 14, 2020Updated 5 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- ☆55Sep 13, 2022Updated 3 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆170Jan 25, 2024Updated 2 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Run python from a single exe☆35May 1, 2022Updated 3 years ago
- Pseudorandom AES-256 encryption designed to protect shellcode and arbitrary strings. C# and C/C++ compatible.☆102Jan 7, 2022Updated 4 years ago
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- This project is a tool for detecting nudity in images, allowing users to analyze both local images and images from URLs. It utilizes the …☆21Sep 28, 2024Updated last year
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago