fireeye / cWMI
This project is a lightweight wrapper for interacting with WMI using python/ctypes
☆38, updated 6 years ago
Alternatives and similar repositories for cWMI:
Users that are interested in cWMI are comparing it to the libraries listed below
- Babel-Shellfish deobfuscates and scans PowerShell scripts in real time, right before each line executes. (☆43, updated 6 years ago)
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) (☆109, updated 4 years ago)
- isodump - ISO dump utility (☆40, updated 5 years ago)
- A summary of different projects/presentations/tools for testing how malware sandbox systems can be evaded (☆51, updated 6 years ago)
- Volatility Framework plugin to detect various types of hooks as performed by banking Trojans (☆41, updated 6 years ago)
- Ps1jacker is a tool for generating COM Hijacking payloads. (☆61, updated 2 months ago)
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide. (☆75, updated 5 years ago)
- Shows command lines used by the latest instances analyzed on Hybrid-Analysis (☆43, updated 6 years ago)
- Shim database persistence (Fin7 TTP) (☆37, updated 5 years ago)
- Trace ScriptBlock execution for PowerShell v2 (☆40, updated 5 years ago)
- Tool for injecting a "TCP Relay" managed assembly into an unmanaged process (☆65, updated 5 years ago)
- A repo to hold some scripts pertaining to WMI (Windows implementation of WBEM) forensics (☆86, updated 7 years ago)
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research (☆53, updated 7 years ago)
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality (☆83, updated 2 years ago)
- Telsy CTI Research Team (☆57, updated 4 years ago)
- Handy scripts to speed up malware analysis (☆35, updated last year)
- A simple CLI app to mark all Excel sheets visible (i.e. sets "Very Hidden" and "Hidden" to "Visible") (☆11, updated 5 years ago)
- windows-operating-system-archaeology @Enigma0x3 @subTee (☆23, updated 8 years ago)
- Evil Reflective DLL Injection Finder (☆47, updated 6 years ago)
- SilkETW & SilkService (☆40, updated 5 years ago)
- Windows Event Log Knowledge Base (☆23, updated 6 months ago)
- A C# DLL to Dump LSA Secrets (☆57, updated 7 years ago)
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro… (☆19, updated 4 years ago)
- Rekall Forensics and Incident Response Framework with rVMI extensions (☆33, updated 4 years ago)
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i… (☆30, updated 6 years ago)
- Use bitsadmin to maintain persistence and bypass Autoruns (☆66, updated 7 years ago)
- SettingContent-MS File Execution vulnerability in Windows 10 (☆24, updated 2 months ago)
- Specialized tool to dump Position Independent Code. (☆22, updated 4 years ago)