☆220 · Apr 2, 2018 · Updated 7 years ago
Alternatives and similar repositories for ClrGuard
Users that are interested in ClrGuard are comparing it to the libraries listed below
- A set of demos and a PowerShell module to interact with DotNetInterop. ☆69 · Apr 7, 2018 · Updated 7 years ago
- ☆52 · Sep 17, 2018 · Updated 7 years ago
- ☆825 · Jun 1, 2023 · Updated 2 years ago
- A tool to create a JScript file which loads a .NET v2 assembly from memory. ☆1,317 · Jan 18, 2021 · Updated 5 years ago
- A memory scanning evasion technique ☆899 · May 24, 2017 · Updated 8 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 5 years ago
- POC for IAT Parsing Payloads ☆48 · Jan 1, 2017 · Updated 9 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider ☆197 · Dec 6, 2022 · Updated 3 years ago
- View ETW Provider manifest ☆574 · Nov 1, 2024 · Updated last year
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing. ☆103 · Nov 17, 2020 · Updated 5 years ago
- ☆234 · Sep 10, 2017 · Updated 8 years ago
- Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj… ☆42 · May 9, 2019 · Updated 6 years ago
- Automated, Collection, and Enrichment Platform ☆324 · Nov 14, 2019 · Updated 6 years ago
- Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode ☆2,503 · Nov 15, 2023 · Updated 2 years ago
- Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED) ☆760 · Jan 28, 2019 · Updated 7 years ago
- An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for Windows platforms. ☆533 · Jul 2, 2025 · Updated 8 months ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API ☆370 · Feb 7, 2019 · Updated 7 years ago
- ETW Python Library ☆292 · Aug 11, 2023 · Updated 2 years ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported … ☆842 · Jun 25, 2024 · Updated last year
- Exploit primitives for PowerShell ☆437 · Mar 25, 2018 · Updated 7 years ago
- Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques … ☆293 · Jun 27, 2017 · Updated 8 years ago
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks. ☆101 · Jan 7, 2018 · Updated 8 years ago
- Remote Recon and Collection ☆459 · Nov 23, 2017 · Updated 8 years ago
- Windows (ShadowMove) Socket Duplication ☆87 · Apr 19, 2020 · Updated 5 years ago
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET ☆149 · Feb 15, 2020 · Updated 6 years ago
- ☆23 · May 28, 2021 · Updated 4 years ago
- Code Integrity Violation Spotter ☆17 · Jun 11, 2024 · Updated last year
- C# Implementation of the Hell's Gate VX Technique ☆216 · Jun 30, 2020 · Updated 5 years ago
- Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts) ☆1,613 · Dec 10, 2018 · Updated 7 years ago
- Token Privilege Research ☆872 · Sep 1, 2017 · Updated 8 years ago
- ☆408 · Mar 1, 2017 · Updated 9 years ago
- CScriptShell, a PowerShell Host running within cscript.exe ☆162 · Apr 11, 2017 · Updated 8 years ago
- Recon 2015 Presentation from Alex Ionescu ☆250 · Jan 27, 2016 · Updated 10 years ago
- PowerShell Remote Download Cradle Generator & Obfuscator ☆853 · Mar 23, 2018 · Updated 7 years ago
- A simple program to hook the current process to identify the manual syscall executions on Windows ☆265 · Nov 18, 2022 · Updated 3 years ago
- ☆153 · Jul 31, 2022 · Updated 3 years ago
- Also known by Microsoft as Knifecoat ☆1,153 · Dec 22, 2022 · Updated 3 years ago
- SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approa… ☆290 · Aug 7, 2020 · Updated 5 years ago
- PowerShell Runspace Post Exploitation Toolkit ☆1,546 · Aug 2, 2019 · Updated 6 years ago