Alternatives and similar repositories for WMIProcessWatcher

Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below

• hackerhouse-opensource / Artillery
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆176Updated last year
• OtterHacker / Hooker
  ☆107Updated 7 months ago
• floesen / EventLogCrasher
  ☆189Updated last year
• FuzzySecurity / BHUSA-2023
  ☆105Updated 11 months ago
• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆314Updated last year
• rtecCyberSec / Packer_Development
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆260Updated last year
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆348Updated 4 months ago
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆140Updated 11 months ago
• hackerhouse-opensource / OffensiveLua
  Offensive Lua.
  ☆188Updated last year
• SafeBreach-Labs / wd-pretender
  ☆131Updated last year
• sensepost / mydumbedr
  ☆119Updated last year
• rad9800 / byor
  ☆135Updated 2 weeks ago
• MythicAgents / Hannibal
  A Mythic Agent written in PIC C.
  ☆190Updated 4 months ago
• BeetleChunks / Obligato
  This project is an implant framework designed for long term persistent access to Windows machines.
  ☆110Updated last year
• Diverto / IPPrintC2
  PoC for using MS Windows printers for persistence / command and control via Internet Printing
  ☆147Updated last year
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆155Updated 7 months ago
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆201Updated last year
• rad9800 / FileRenameJunctionsEDRDisable
  ☆155Updated 6 months ago
• dr4k0nia / tooling-playground
  A collection of small scripts and tools for deobfuscation and malware analysis.
  ☆66Updated 2 years ago
• Cracked5pider / CodeCave
  A bunch of scripts and code i wrote.
  ☆141Updated 7 months ago
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆265Updated 9 months ago
• fin3ss3g0d / StoneKeeper
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆206Updated 6 months ago
• WKL-Sec / GregsBestFriend
  GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
  ☆193Updated 2 years ago
• ViperXSecurity / lib-nosa
  lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.
  ☆112Updated 9 months ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆100Updated last year
• ArtemBaranov / WindowsRootkitsGuide
  ☆67Updated 4 months ago
• MzHmO / Parasite-Invoke
  Hide your P/Invoke signatures through other people's signed assemblies
  ☆211Updated last year
• 0xsch1zo / NullGate
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆110Updated last month
• ZERODETECTION / MSC_Dropper
  ☆177Updated 10 months ago
• RePRGM / Nimperiments
  Various one-off pentesting projects written in Nim. Updates happen on a whim.
  ☆158Updated this week