adamdriscoll / AMSI
PowerShell Module for the Antimalware Scan Interface (AMSI)
☆25Updated 8 years ago
Alternatives and similar repositories for AMSI:
Users that are interested in AMSI are comparing it to the libraries listed below
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Updated 4 years ago
- ☆51Updated 6 years ago
- Trace ScriptBlock execution for powershell v2☆39Updated 5 years ago
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- A PowerShell module to assist in parsing and managing catalog files.☆22Updated 8 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.☆37Updated 7 years ago
- ☆62Updated 8 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆60Updated 4 years ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication☆129Updated 8 years ago
- Loads the AutoIt DLL and PowerShell assemblies into memory and executes the specified keystrokes☆60Updated 7 years ago
- Basic demo for Hidden Treasure talk.☆49Updated 7 years ago
- windows-operating-system-archaeology @Enigma0x3 @subTee☆44Updated 7 years ago
- A set of demos and a PowerShell module to interact with DotNetInterop.☆67Updated 6 years ago
- A PowerShell binding for the Unicorn Engine☆17Updated 9 years ago
- Set of ultra technical notes about AD☆18Updated 6 years ago
- Documentation and supporting script sample for Windows Exploit Guard☆148Updated 3 years ago
- A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions☆54Updated 8 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆51Updated last year
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.☆93Updated 7 years ago
- PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later☆20Updated 8 years ago
- ReaCOM has got a lot of tools to use and is related to component object model☆73Updated 4 years ago
- A Generic Windows Memory Scraping Tool☆70Updated 7 years ago
- ☆21Updated 8 years ago
- Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …☆57Updated 5 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆41Updated 6 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆61Updated last year
- Run Managed Assemblies with RunDll☆16Updated 6 years ago
- InsecurePowerShellHost is a .NET Core host process for InsecurePowerShell, a version of PowerShell Core v6.0.0 with key security features…☆30Updated 7 years ago