daem0nc0re / SharpWnfSuiteLinks
C# Utilities for Windows Notification Facility
☆155Updated 4 months ago
Alternatives and similar repositories for SharpWnfSuite
Users that are interested in SharpWnfSuite are comparing it to the libraries listed below
Sorting:
- It's pointy and it hurts!☆126Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆106Updated 3 weeks ago
- ☆115Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆124Updated 2 years ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- ☆147Updated 3 years ago
- ☆112Updated 2 years ago
- Enabled / Disable LSA Protection via BYOVD☆74Updated 3 years ago
- Experiment on reproducing Obfuscate & Sleep☆146Updated 4 years ago
- ☆136Updated 3 years ago
- ☆76Updated last year
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆105Updated 3 years ago
- ☆83Updated last year
- A C# port of the MinHook API hooking library☆56Updated 2 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Updated 2 years ago
- ☆161Updated 2 years ago
- Detect strange memory regions and DLLs☆185Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆188Updated 2 years ago
- Inter-Process Communication Mechanisms☆28Updated 5 years ago
- List the ETW provider(s) in the registration table of a process.☆62Updated last year
- ☆100Updated 3 years ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2☆45Updated last year
- The code is a pingback to the Dark Vortex blog:☆181Updated 2 years ago
- Tool for playing with Windows Access Token manipulation.☆55Updated 2 years ago
- ☆137Updated 2 years ago
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM☆163Updated 2 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆188Updated 3 years ago
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE☆65Updated 2 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆82Updated 2 years ago
- Minifilter Callback Patching Proof-of-Concept☆72Updated 2 years ago