Alternatives and similar repositories for cWMI

Users that are interested in cWMI are comparing it to the libraries listed below

• roo7cause / Ps1jacker
  Ps1jacker is a tool for generating COM Hijacking payload.
  ☆60Updated 9 months ago
• OmerYa / Babel-Shellfish
  Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.
  ☆43Updated 7 years ago
• eset / volatility-browserhooks
  Volatility Framework plugin to detect various types of hooks as performed by banking Trojans
  ☆40Updated 6 years ago
• FuzzySecurity / BH-Arsenal-2019
  SilkETW & SilkService
  ☆40Updated 6 years ago
• ChrisAD / ads-payload
  Powershell script which will take any payload and put it in the a bat script which delivers the payload. The payload is delivered using e…
  ☆52Updated last year
• jackson5sec / ShimDB
  Shim database persistence (Fin7 TTP)
  ☆37Updated 5 years ago
• DissectMalware / MalwareCMDMonitor
  Shows command lines used by latest instances analyzed on Hybrid-Analysis
  ☆43Updated 7 years ago
• airbus-cert / PSTrace
  Trace ScriptBlock execution for powershell v2
  ☆40Updated 5 years ago
• vletoux / DetectPasswordViaNTLMInFlow
  Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …
  ☆59Updated 6 years ago
• dmaasland / mcafee-config-decrypt
  ☆60Updated 5 years ago
• mandiant / rvmi-rekall
  Rekall Forensics and Incident Response Framework with rVMI extensions
  ☆32Updated 4 years ago
• outflanknl / DoH_c2_Trigger
  Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
  ☆53Updated 7 years ago
• telsy-cyberops / research
  Telsy CTI Research Team
  ☆57Updated 4 years ago
• darkquasar / WMI_Persistence
  A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
  ☆87Updated 8 years ago
• mortychannel / lnkexploit
  ☆43Updated 6 years ago
• limbenjamin / TCPHound
  Win32 utility for auditing TCP connections
  ☆56Updated 5 years ago
• DissectMalware / OfficeForensicTools
  A set of tools for collecting forensic information
  ☆27Updated 5 years ago
• Arno0x / TCPRelayInjecter2
  Tool for injecting a "TCP Relay" managed assembly into an unmanaged process
  ☆65Updated 6 years ago
• mnemonic-no / dnscache
  Volatility memory forensics plugin for extracting Windows DNS Cache
  ☆29Updated 8 years ago
• seifreed / awesome-sandbox-evasion
  A summary about different projects/presentations/tools to test how to evade malware sandbox systems
  ☆55Updated 6 years ago
• aaronst / talks
  Presentation materials for talks I've given.
  ☆20Updated 6 years ago
• DimopoulosElias / SimpleMimikatzObfuscator
  A set of commands to bypass Defender (and some other AVs)
  ☆20Updated 6 years ago
• davehardy20 / PoSHBypass
  ☆25Updated 7 years ago
• curtbraz / Invoke-NeutralizeAV
  Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting
  ☆41Updated 6 years ago
• williballenthin / python-sdb
  Pure Python parser for Application Compatibility Shim Databases (.sdb files)
  ☆109Updated 4 years ago
• matthewdunwoody / POSHSPY
  POSHSPY backdoor code
  ☆44Updated 8 years ago
• nccgroup / Royal_APT
  Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research
  ☆53Updated 7 years ago
• tasox / LogRM
  LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network
  ☆74Updated 6 years ago
• v1ado / HIPS_LIPS
  Community maintained list of most popular HIPS service and process names on a Windows Platform.
  ☆43Updated 3 years ago
• redcanaryco / wwhf
  Exercises for C# Workshop at Wild West Hackin' Fest 2018 & 2019.
  ☆64Updated 6 years ago