darkquasar / WMI_PersistenceLinks
A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
☆86Updated 7 years ago
Alternatives and similar repositories for WMI_Persistence
Users that are interested in WMI_Persistence are comparing it to the libraries listed below
Sorting:
- An offensive Powershell console☆30Updated 9 years ago
- Useful Threat Hunting Stuff☆32Updated 4 years ago
- ☆52Updated 6 years ago
- Talk given at DerbyCon and RuxCon 2016☆22Updated 8 years ago
- ☆97Updated 9 years ago
- Powershell Persistence Locator☆66Updated 8 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's s…☆104Updated 8 years ago
- ☆59Updated 6 years ago
- ☆113Updated 8 years ago
- Open Source Office Malware Generation & Polymorphic Engine for Red Teams and QA testing☆95Updated 8 years ago
- Comprehensive Pivoting Framework☆20Updated 8 years ago
- ☆108Updated 8 years ago
- ☆17Updated 9 years ago
- All materials from our Black Hat 2018 "Subverting Sysmon" talk☆135Updated 6 years ago
- A sample bot for Cobalt Strike 3☆22Updated 9 years ago
- ☆83Updated 9 years ago
- Crack your macros like the math pros.☆33Updated 8 years ago
- Generate ATT&CK Navigator layer file from PowerShell Empire agent logs☆49Updated 6 years ago
- Proof of concept VBA code to add to Normal.dot to put restrictions on Word☆41Updated 8 years ago
- Sandbox feature upgrade with the help of wrapped samples☆76Updated 7 years ago
- ☆19Updated 8 years ago
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Updated 9 years ago
- Basic demo for Hidden Treasure talk.☆49Updated 7 years ago
- ☆58Updated 8 years ago
- NCC Group Ransomware Simulator☆69Updated 9 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- SilkETW & SilkService☆40Updated 5 years ago
- Sysmon config for both Windows and Linux Devices. Windows one is a bit dated☆57Updated last year
- Simple DDE object detector☆56Updated 7 years ago
- Generates anti-sandbox analysis HTA files without payloads☆120Updated 8 years ago