Alternatives and similar repositories for WMIProcessWatcher

Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below

• hackerhouse-opensource / Artillery
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆175Updated last year
• OtterHacker / Hooker
  ☆107Updated 7 months ago
• FuzzySecurity / BHUSA-2023
  ☆105Updated 10 months ago
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆141Updated 10 months ago
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆200Updated 11 months ago
• jsecurity101 / ETWInspector
  ☆158Updated last month
• CICADA8-Research / MyMSIAnalyzer
  Analyse MSI files for vulnerabilities
  ☆131Updated 9 months ago
• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆314Updated last year
• MzHmO / Parasite-Invoke
  Hide your P/Invoke signatures through other people's signed assemblies
  ☆211Updated last year
• rad9800 / FileRenameJunctionsEDRDisable
  ☆155Updated 5 months ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆188Updated 4 months ago
• NtDallas / KrakenMask
  Sleep obfuscation
  ☆224Updated 5 months ago
• ArtemBaranov / WindowsRootkitsGuide
  ☆68Updated 4 months ago
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆167Updated 2 months ago
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆342Updated 3 months ago
• SafeBreach-Labs / wd-pretender
  ☆131Updated last year
• sensepost / mydumbedr
  ☆119Updated last year
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆218Updated 7 months ago
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆113Updated last month
• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆46Updated last year
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆109Updated 8 months ago
• floesen / EventLogCrasher
  ☆188Updated last year
• CICADA8-Research / COMThanasia
  A set of programs for analyzing common vulnerabilities in COM
  ☆215Updated 8 months ago
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆228Updated 11 months ago
• Diverto / IPPrintC2
  PoC for using MS Windows printers for persistence / command and control via Internet Printing
  ☆147Updated last year
• dr4k0nia / tooling-playground
  A collection of small scripts and tools for deobfuscation and malware analysis.
  ☆66Updated 2 years ago
• Karkas66 / CelestialSpark
  Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …
  ☆103Updated 2 months ago
• ZERODETECTION / MSC_Dropper
  ☆166Updated 10 months ago
• AlteredSecurity / Disable-TamperProtection
  A POC to disable TamperProtection and other Defender / MDE components
  ☆220Updated last year
• ghostpepper108 / Evasion
  ☆107Updated 2 years ago