Alternatives and similar repositories for cWMI

Users that are interested in cWMI are comparing it to the libraries listed below

• FuzzySecurity / BH-Arsenal-2019
  SilkETW & SilkService
  ☆40Updated 6 years ago
• OmerYa / Babel-Shellfish
  Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.
  ☆43Updated 6 years ago
• roo7cause / Ps1jacker
  Ps1jacker is a tool for generating COM Hijacking payload.
  ☆60Updated 7 months ago
• nccgroup / Royal_APT
  Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research
  ☆53Updated 7 years ago
• vletoux / DetectPasswordViaNTLMInFlow
  Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …
  ☆60Updated 6 years ago
• eset / volatility-browserhooks
  Volatility Framework plugin to detect various types of hooks as performed by banking Trojans
  ☆41Updated 6 years ago
• byt3bl33d3r / Invoke-AutoIt
  Loads the AutoIt DLL and PowerShell assemblies into memory and executes the specified keystrokes
  ☆62Updated 8 years ago
• bvoris / SettingContent-MS-File-Execution
  SettingContent-MS File Execution vulnerability in Windows 10
  ☆24Updated 7 months ago
• ChrisAD / ads-payload
  Powershell script which will take any payload and put it in the a bat script which delivers the payload. The payload is delivered using e…
  ☆52Updated last year
• aleksost / MemoryDecompression
  Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager.
  ☆51Updated 6 years ago
• mortychannel / lnkexploit
  ☆43Updated 6 years ago
• jeperez / windows-operating-system-archaeology
  windows-operating-system-archaeology @Enigma0x3 @subTee
  ☆47Updated 8 years ago
• outflanknl / DoH_c2_Trigger
  Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
  ☆52Updated 6 years ago
• matthewdunwoody / POSHSPY
  POSHSPY backdoor code
  ☆44Updated 8 years ago
• mnemonic-no / dnscache
  Volatility memory forensics plugin for extracting Windows DNS Cache
  ☆29Updated 8 years ago
• DissectMalware / MalwareCMDMonitor
  Shows command lines used by latest instances analyzed on Hybrid-Analysis
  ☆43Updated 7 years ago
• Arno0x / TCPRelayInjecter2
  Tool for injecting a "TCP Relay" managed assembly into an unmanaged process
  ☆65Updated 6 years ago
• airbus-cert / PSTrace
  Trace ScriptBlock execution for powershell v2
  ☆40Updated 5 years ago
• rapid7 / rex-powershell
  Rex library for dealing with Powershell Scripts
  ☆53Updated last month
• dmaasland / mcafee-config-decrypt
  ☆60Updated 5 years ago
• davehardy20 / PoSHBypass
  ☆25Updated 7 years ago
• aaronst / talks
  Presentation materials for talks I've given.
  ☆20Updated 5 years ago
• telsy-cyberops / research
  Telsy CTI Research Team
  ☆57Updated 4 years ago
• Big5-sec / SourceFu
  hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripts languages such as Powershell, VBA and Javascript. Curre…
  ☆40Updated 6 years ago
• tasox / LogRM
  LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network
  ☆74Updated 6 years ago
• 3gstudent / bitsadminexec
  Use bitsadmin to maintain persistence and bypass Autoruns
  ☆66Updated 8 years ago
• 001SPARTaN / csfm
  Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
  ☆65Updated 7 years ago
• Paul-Tew / lifer
  Windows link file (shortcuts) examiner
  ☆68Updated last year
• daddycocoaman / IronPentest
  Collection of IronPython scripts and executables for penetration testing
  ☆55Updated 6 years ago
• kafkaesqu3 / subtee-gist-mirror
  few months old but better than nothing
  ☆58Updated 3 years ago