hackerhouse-opensource / WMIProcessWatcher

Related projects ⓘ

Alternatives and complementary repositories for WMIProcessWatcher

• OtterHacker / Hooker
  ☆98Updated 3 weeks ago
• hackerhouse-opensource / Artillery
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆174Updated 10 months ago
• FuzzySecurity / BHUSA-2023
  ☆103Updated 4 months ago
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆325Updated 5 months ago
• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆301Updated last year
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆209Updated 5 months ago
• hackerhouse-opensource / OffensiveLua
  Offensive Lua.
  ☆175Updated last year
• CICADA8-Research / MyMSIAnalyzer
  Analyse MSI files for vulnerabilities
  ☆109Updated 2 months ago
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆139Updated 3 months ago
• jsecurity101 / ETWInspector
  ☆153Updated 6 months ago
• xalicex / Killers
  Exploitation of process killer drivers
  ☆188Updated last year
• floesen / EventLogCrasher
  ☆181Updated 9 months ago
• sensepost / mydumbedr
  ☆105Updated 9 months ago
• Kudaes / ADPT
  DLL proxying for lazy people
  ☆136Updated 2 weeks ago
• ghostpepper108 / Evasion
  ☆105Updated last year
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆160Updated 2 weeks ago
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆190Updated 5 months ago
• Evi1Grey5 / Recursive-Loader
  Recursive Loader
  ☆102Updated last month
• Diverto / IPPrintC2
  PoC for using MS Windows printers for persistence / command and control via Internet Printing
  ☆143Updated 6 months ago
• pmatula / Windows-Internals-Learning-Resources
  ☆95Updated 2 months ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆95Updated 7 months ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls
  Implementing the ghostly hollowing PE injection technique using tampered syscalls.
  ☆125Updated 5 months ago
• deepinstinct / ShimMe
  ☆124Updated 3 weeks ago
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆110Updated last year
• CCob / Shwmae
  ☆129Updated last month
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆236Updated 7 months ago
• MzHmO / Parasite-Invoke
  Hide your P/Invoke signatures through other people's signed assemblies
  ☆202Updated 8 months ago
• ZERODETECTION / MSC_Dropper
  ☆126Updated 3 months ago
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆209Updated 2 months ago
• rtfmkiesel / loldrivers-client
  Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
  ☆79Updated 9 months ago