☆221 · Apr 2, 2018 · Updated 7 years ago
Alternatives and similar repositories for ClrGuard
Users that are interested in ClrGuard are comparing it to the libraries listed below
- A set of demos and a PowerShell module to interact with DotNetInterop. ☆69 · Apr 7, 2018 · Updated 7 years ago
- ☆52 · Sep 17, 2018 · Updated 7 years ago
- ☆826 · Jun 1, 2023 · Updated 2 years ago
- Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj… ☆42 · May 9, 2019 · Updated 6 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing. ☆103 · Nov 17, 2020 · Updated 5 years ago
- A tool to create a JScript file which loads a .NET v2 assembly from memory. ☆1,318 · Jan 18, 2021 · Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 5 years ago
- A memory scanning evasion technique ☆901 · May 24, 2017 · Updated 8 years ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API ☆370 · Feb 7, 2019 · Updated 7 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider ☆198 · Dec 6, 2022 · Updated 3 years ago
- C# Implementation of the Hell's Gate VX Technique ☆216 · Jun 30, 2020 · Updated 5 years ago
- ☆108 · Mar 21, 2017 · Updated 9 years ago
- ☆234 · Sep 10, 2017 · Updated 8 years ago
- View ETW Provider manifest ☆576 · Nov 1, 2024 · Updated last year
- Code Integrity Violation Spotter ☆17 · Jun 11, 2024 · Updated last year
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks. ☆101 · Jan 7, 2018 · Updated 8 years ago
- ETW Python Library ☆293 · Aug 11, 2023 · Updated 2 years ago
- Automated, Collection, and Enrichment Platform ☆324 · Nov 14, 2019 · Updated 6 years ago
- POC for IAT Parsing Payloads ☆48 · Jan 1, 2017 · Updated 9 years ago
- Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode ☆2,511 · Nov 15, 2023 · Updated 2 years ago
- Exploit primitives for PowerShell ☆437 · Mar 25, 2018 · Updated 7 years ago
- Remote Recon and Collection ☆460 · Nov 23, 2017 · Updated 8 years ago
- PowerShell Remote Download Cradle Generator & Obfuscator ☆854 · Mar 23, 2018 · Updated 7 years ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported … ☆843 · Jun 25, 2024 · Updated last year
- CScriptShell, a Powershell Host running within cscript.exe ☆163 · Apr 11, 2017 · Updated 8 years ago
- A tool to create COM class/interface relationships in neo4j ☆50 · Oct 12, 2022 · Updated 3 years ago
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET ☆149 · Feb 15, 2020 · Updated 6 years ago
- An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms. ☆534 · Jul 2, 2025 · Updated 8 months ago
- A simple program to hook the current process to identify the manual syscall executions on windows ☆266 · Nov 18, 2022 · Updated 3 years ago
- A repository of some of my Windows 10 Device Guard Bypasses ☆139 · Aug 3, 2017 · Updated 8 years ago
- ☆23 · May 28, 2021 · Updated 4 years ago
- Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts) ☆1,616 · Dec 10, 2018 · Updated 7 years ago
- ☆119 · Aug 7, 2022 · Updated 3 years ago
- Windows (ShadowMove) Socket Duplication ☆88 · Apr 19, 2020 · Updated 5 years ago
- A Bring Your Own Land Toolkit that Doubles as a WMI Provider ☆289 · Oct 31, 2018 · Updated 7 years ago
- Ruxcon2016 POC Code ☆141 · Nov 21, 2016 · Updated 9 years ago
- Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED) ☆761 · Jan 28, 2019 · Updated 7 years ago
- Token Privilege Research ☆873 · Sep 1, 2017 · Updated 8 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations. ☆37 · Sep 19, 2017 · Updated 8 years ago