Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
☆24Jun 27, 2025Updated 8 months ago
Alternatives and similar repositories for defender2yara
Users that are interested in defender2yara are comparing it to the libraries listed below
Sorting:
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine☆40Jul 29, 2025Updated 7 months ago
- Remote code execution in Power Platform connectors via JSON deserialization☆23Mar 30, 2023Updated 2 years ago
- GPOAnalyzer is a tool designed to assist in parsing domain Group Policy Object (GPO) files located in the SYSVOL directory.☆28Jun 14, 2024Updated last year
- Walking the PEB in VBA☆24Apr 6, 2020Updated 5 years ago
- Some of the presentations, workshops, and labs I gave at public conferences.☆34Oct 24, 2025Updated 4 months ago
- Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.☆23Feb 23, 2026Updated last week
- Monitoring tool to detect patterns or IOCs (strings, regex, VirusTotal) and alert you and your team via console, Telegram or SMS written …☆18Feb 17, 2026Updated 2 weeks ago
- Demo code JavaScript POC that tricks user into sending Windows hash to responder☆37Dec 12, 2025Updated 2 months ago
- A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.☆33Oct 1, 2021Updated 4 years ago
- More EFS coerced authentication method with PetitPotam.py☆27Mar 21, 2023Updated 2 years ago
- ☆28Dec 28, 2017Updated 8 years ago
- This program loads and shows the resources of binary files such as EXE and DLL☆16Jul 6, 2020Updated 5 years ago
- C# code to run PIC using CreateThread☆17Apr 19, 2019Updated 6 years ago
- Kibana app for RedELK☆18Mar 19, 2023Updated 2 years ago
- This repo contains code of JScript .NET which can be used as alternative to csc.exe to run potentially malicious code, which ships in all…☆13Nov 8, 2019Updated 6 years ago
- Picture-in-Picture button and other useful features☆16Oct 27, 2025Updated 4 months ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- Hide .Net assembly into png images☆36Aug 11, 2019Updated 6 years ago
- 利用RPC服务,内网批量探测Windows出网☆14Jun 24, 2022Updated 3 years ago
- A C# Tool to gather information about email breaches☆16Dec 21, 2023Updated 2 years ago
- Shellcode Loader using indirect syscalls☆16Jan 21, 2024Updated 2 years ago
- various methods of making API calls☆19Feb 1, 2025Updated last year
- Microsoft Applocker evasion tool☆39Nov 26, 2019Updated 6 years ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET☆51May 5, 2025Updated 9 months ago
- TeamServer.prop is an optional properties file used by the Cobalt Strike teamserver to customize the settings used to validate screenshot…☆68Aug 5, 2025Updated 6 months ago
- Spin up a reverse proxy quickly on Heroku☆15Dec 5, 2020Updated 5 years ago
- Ingest openldap data into bloodhound☆79Apr 1, 2021Updated 4 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆158Nov 7, 2023Updated 2 years ago
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆186Mar 14, 2025Updated 11 months ago
- early cascade injection PoC based on Outflanks blog post☆237Nov 7, 2024Updated last year
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…☆118May 2, 2024Updated last year
- ☆28Feb 11, 2026Updated 2 weeks ago
- ☆26Feb 11, 2025Updated last year
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM☆20Jul 19, 2025Updated 7 months ago
- Python3 implementation of ADRecon with support for NTLM and Kerberos authentication querying LDAP. Generates individual CSV files and a s…☆50Feb 23, 2026Updated last week
- ☆43Jan 2, 2023Updated 3 years ago
- CVE-2024-40711-exp☆42Oct 17, 2024Updated last year
- ☆127Dec 12, 2025Updated 2 months ago