Wh04m1001 / SysmonEoPLinks
☆185Updated 2 years ago
Alternatives and similar repositories for SysmonEoP
Users that are interested in SysmonEoP are comparing it to the libraries listed below
Sorting:
- ☆160Updated 2 years ago
- A basic emulation of an "RPC Backdoor"☆243Updated 3 years ago
- ☆113Updated 3 years ago
- POC tools for exploring SMB over QUIC protocol☆127Updated 3 years ago
- ☆88Updated 3 years ago
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section☆107Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258Updated 2 years ago
- ☆245Updated 2 years ago
- Reuse open handles to dynamically dump LSASS.☆244Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆147Updated 3 years ago
- Weaponized HellsGate/SigFlip☆203Updated 2 years ago
- Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.☆125Updated 3 years ago
- ☆170Updated last year
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆101Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆300Updated 2 years ago
- Simple BOF to read the protection level of a process☆119Updated 2 years ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆120Updated last year
- Repository contains psexec, which will help to exploit the forgotten pipe☆170Updated 11 months ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆170Updated 2 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS☆186Updated 3 years ago
- DLL Hijack Search Order Enumeration BOF☆150Updated 3 years ago
- Coerce Windows machines auth via MS-EVEN☆168Updated last year
- Hookers are cooler than patches.☆170Updated 3 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆160Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆146Updated last year
- Patch AMSI and ETW☆246Updated last year
- A fake AMSI Provider which can be used for persistence.☆152Updated 4 years ago
- My implementation of the GIUDA project in C++☆187Updated 2 years ago
- Lateral Movement Using DCOM and DLL Hijacking☆318Updated 2 years ago
- Local & remote Windows DLL Proxying☆165Updated last year