hackerhouse-opensource / WMIProcessWatcherLinks
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
☆134Updated last year
Alternatives and similar repositories for WMIProcessWatcher
Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below
Sorting:
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆177Updated last year
- ☆120Updated last year
- ☆108Updated 10 months ago
- Analyse MSI files for vulnerabilities☆138Updated last year
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated last year
- This project is an implant framework designed for long term persistent access to Windows machines.☆110Updated last year
- ☆68Updated 7 months ago
- ☆108Updated 2 years ago
- Offensive Lua.☆193Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆47Updated last year
- A Mythic Agent written in PIC C.☆199Updated 6 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆86Updated last month
- Create and enumerate hidden desktops.☆90Updated last year
- ☆157Updated 8 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆316Updated 2 years ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 5 months ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆37Updated 6 months ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51Updated last year
- ☆160Updated 5 months ago
- ☆104Updated 9 months ago
- "Service-less" driver loading☆159Updated 9 months ago
- ☆173Updated 4 months ago
- ☆133Updated 2 years ago
- ☆188Updated last year
- ☆58Updated 4 months ago
- Vibe Malware Triage - MCP server for static PE analysis.☆68Updated 3 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.☆105Updated last year
- ☆84Updated 3 years ago