fireeye / cWMI

Related projects: ⓘ

• OmerYa / Babel-Shellfish
  Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.
  ☆41Updated 5 years ago
• maraudershell / Marauder
  ☆76Updated this week
• jackson5sec / ShimDB
  Shim database persistence (Fin7 TTP)
  ☆35Updated 4 years ago
• nccgroup / Royal_APT
  Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research
  ☆52Updated 6 years ago
• byt3bl33d3r / Invoke-AutoIt
  Loads the AutoIt DLL and PowerShell assemblies into memory and executes the specified keystrokes
  ☆60Updated 7 years ago
• cybercitizen7 / Ps1jacker
  Ps1jacker is a tool for generating COM Hijacking payload.
  ☆61Updated 6 years ago
• FuzzySecurity / BH-Arsenal-2019
  SilkETW & SilkService
  ☆40Updated 5 years ago
• davehardy20 / PoSHBypass
  ☆24Updated 6 years ago
• darkquasar / WMI_Persistence
  A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
  ☆85Updated 6 years ago
• outflanknl / DoH_c2_Trigger
  Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
  ☆52Updated 5 years ago
• ConsciousHacker / GreatSCT
  The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i…
  ☆28Updated 6 years ago
• clr2of8 / EvilClippy
  A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…
  ☆20Updated 3 years ago
• antman1p / SharpProcEnum
  .NET tool for enumeration processes and dumping memory.
  ☆56Updated 5 years ago
• 001SPARTaN / csfm
  Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
  ☆64Updated 6 years ago
• jeperez / windows-operating-system-archaeology
  windows-operating-system-archaeology @Enigma0x3 @subTee
  ☆44Updated 7 years ago
• DissectMalware / MalwareCMDMonitor
  Shows command lines used by latest instances analyzed on Hybrid-Analysis
  ☆43Updated 6 years ago
• curtbraz / Invoke-NeutralizeAV
  Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting
  ☆41Updated 5 years ago
• arieljt / VTSubmitter-Maltego
  A Maltego transform for VirusTotal Submitter Information
  ☆30Updated 5 years ago
• vletoux / DetectPasswordViaNTLMInFlow
  Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …
  ☆57Updated 5 years ago
• evild3ad / isodump
  isodump - ISO dump utility
  ☆38Updated 5 years ago
• airbus-cert / PSTrace
  Trace ScriptBlock execution for powershell v2
  ☆39Updated 4 years ago
• daddycocoaman / IronPentest
  Collection of IronPython scripts and executables for penetration testing
  ☆55Updated 5 years ago
• 3gstudent / bitsadminexec
  Use bitsadmin to maintain persistence and bypass Autoruns
  ☆67Updated 7 years ago
• mortychannel / lnkexploit
  ☆43Updated 5 years ago
• panagioto / SyscallHide
  Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.
  ☆74Updated 4 years ago
• ChrisAD / ads-payload
  Powershell script which will take any payload and put it in the a bat script which delivers the payload. The payload is delivered using e…
  ☆52Updated 5 months ago
• rmdavy / WordAmsiBypass
  ☆37Updated 5 years ago
• malwarialabs / DerbyCon2019
  ☆62Updated this week
• matthewdunwoody / POSHSPY
  POSHSPY backdoor code
  ☆43Updated 7 years ago
• homjxi0e / ReaCOM
  ReaCOM has got a lot of tools to use and is related to component object model
  ☆73Updated 4 years ago