hackerhouse-opensource / WMIProcessWatcherLinks
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
☆135Updated last year
Alternatives and similar repositories for WMIProcessWatcher
Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below
Sorting:
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆176Updated last year
- ☆107Updated 7 months ago
- ☆189Updated last year
- ☆105Updated 11 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆314Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024☆260Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆348Updated 4 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated 11 months ago
- Offensive Lua.☆188Updated last year
- ☆131Updated last year
- ☆119Updated last year
- ☆135Updated 2 weeks ago
- A Mythic Agent written in PIC C.☆190Updated 4 months ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆110Updated last year
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆147Updated last year
- "Service-less" driver loading☆155Updated 7 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆201Updated last year
- ☆155Updated 6 months ago
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- A bunch of scripts and code i wrote.☆141Updated 7 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆265Updated 9 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆206Updated 6 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆193Updated 2 years ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆112Updated 9 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆100Updated last year
- ☆67Updated 4 months ago
- Hide your P/Invoke signatures through other people's signed assemblies☆211Updated last year
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆110Updated last month
- ☆177Updated 10 months ago
- Various one-off pentesting projects written in Nim. Updates happen on a whim.☆158Updated this week