daem0nc0re / SharpWnfSuiteLinks
C# Utilities for Windows Notification Facility
☆152Updated last month
Alternatives and similar repositories for SharpWnfSuite
Users that are interested in SharpWnfSuite are comparing it to the libraries listed below
Sorting:
- Experiment on reproducing Obfuscate & Sleep☆145Updated 4 years ago
- ☆115Updated 2 years ago
- ☆71Updated 2 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆249Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆103Updated 2 years ago
- ☆159Updated 2 years ago
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM☆163Updated 2 years ago
- A collection of weird ways to execute unmanaged code in .NET☆165Updated 4 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆123Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 10 months ago
- The code is a pingback to the Dark Vortex blog:☆173Updated 2 years ago
- ☆141Updated 2 years ago
- Detect strange memory regions and DLLs☆183Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆175Updated 2 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆188Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆196Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆109Updated 8 months ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆156Updated 4 years ago
- It's pointy and it hurts!☆126Updated 2 years ago
- ☆134Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls☆186Updated 2 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆188Updated 5 years ago
- Exploitation of echo_driver.sys☆170Updated last year
- Minifilter Callback Patching Proof-of-Concept☆71Updated 2 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- Exploitation of process killer drivers☆201Updated last year
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Updated 2 years ago
- Exploitable drivers, you know what I mean☆132Updated last year
- You shall pass☆259Updated 2 years ago
- ☆96Updated 3 years ago