hackerhouse-opensource/WMIProcessWatcher external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

hackerhouse-opensource/WMIProcessWatcher

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/hackerhouse-opensource/WMIProcessWatcher)

Close

hackerhouse-opensource / WMIProcessWatcherView on GitHubMore

• External links
• Readme badge

A CIA tradecraft technique to asynchronously detect when a process is created using WMI.

☆139Feb 2, 2026Updated last month

Alternatives and similar repositories for WMIProcessWatcher

Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below

• hackerhouse-opensource / Marble

  View on GitHub
  The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.
  ☆320Feb 2, 2026Updated last month
• hackerhouse-opensource / Artillery

  View on GitHub
  CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…
  ☆184Feb 2, 2026Updated last month
• hackerhouse-opensource / SignToolEx

  View on GitHub
  Patching "signtool.exe" to accept expired certificates for code-signing.
  ☆342Feb 2, 2026Updated last month
• hackerhouse-opensource / AESCrypt

  View on GitHub
  AES-256 Microsoft Cryptography API Example Use.
  ☆35Feb 2, 2026Updated last month
• kyleavery / pendulum

  View on GitHub
  Linux Sleep Obfuscation
  ☆112Jan 7, 2024Updated 2 years ago
• hackerhouse-opensource / Stinger

  View on GitHub
  CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as A…
  ☆302Feb 2, 2026Updated last month
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆212Dec 14, 2023Updated 2 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆101Oct 7, 2023Updated 2 years ago
• blackarrowsec / Handly

  View on GitHub
  Abuse leaked token handles.
  ☆136Dec 14, 2023Updated 2 years ago
• Maldev-Academy / Christmas

  View on GitHub
  PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
  ☆259Jan 21, 2024Updated 2 years ago
• Leo4j / KeyCredentialLink

  View on GitHub
  Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute
  ☆25Jun 5, 2024Updated last year
• lsecqt / ThreadlessInject-C-Implementation

  View on GitHub
  This repository implements Threadless Injection in C
  ☆172Dec 23, 2023Updated 2 years ago
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago
• frkngksl / UnlinkDLL

  View on GitHub
  DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
  ☆60Dec 15, 2023Updated 2 years ago
• MalwareTech / EDRception

  View on GitHub
  A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  ☆204Dec 27, 2023Updated 2 years ago
• p4p1 / havoc-bloodhound

  View on GitHub
  A GUI wrapper inside of Havoc to interact with bloodhound CE
  ☆71Feb 3, 2024Updated 2 years ago
• BlackSnufkin / NovaLdr

  View on GitHub
  Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
  ☆262Jun 29, 2024Updated last year
• HuskyHacks / SharpTokenFinder

  View on GitHub
  C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
  ☆145Feb 1, 2026Updated last month
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• hackerhouse-opensource / NoFaxGiven

  View on GitHub
  Code Execution & Persistence in NETWORK SERVICE FAX Service
  ☆35Feb 2, 2026Updated last month
• Bl4ckM1rror / PEAs

  View on GitHub
  ☆60Dec 15, 2023Updated 2 years ago
• connormcgarr / EATGuard

  View on GitHub
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆115May 21, 2023Updated 2 years ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆618Jan 2, 2025Updated last year
• hackerhouse-opensource / envschtasksuacbypass

  View on GitHub
  Bypass UAC elevation on Windows 8 (build 9600) & above.
  ☆58Feb 2, 2026Updated last month
• jonny-jhnson / ETWInspector

  View on GitHub
  ☆182Apr 24, 2025Updated 10 months ago
• decoder-it / DFSCoerce-exe-2

  View on GitHub
  DFSCoerce exe revisited version with custom authentication
  ☆42Jan 13, 2024Updated 2 years ago
• floesen / EventLogCrasher

  View on GitHub
  ☆188Jan 23, 2024Updated 2 years ago
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• dmcxblue / SharpGhostTask

  View on GitHub
  A C# port from Invoke-GhostTask
  ☆120Jan 5, 2024Updated 2 years ago
• hackerhouse-opensource / CompMgmtLauncher_DLL_UACBypass

  View on GitHub
  CompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive
  ☆111Feb 2, 2026Updated last month
• SaadAhla / D1rkInject

  View on GitHub
  Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…
  ☆185Aug 2, 2023Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆374Apr 19, 2023Updated 2 years ago
• MayerDaniel / profiler-lateral-movement

  View on GitHub
  Lateral Movement via the .NET Profiler
  ☆100Nov 21, 2024Updated last year
• Peribunt / Exception-Ret-Spoofing

  View on GitHub
  A simple way to spoof return addresses using an exception handler
  ☆44Aug 3, 2022Updated 3 years ago
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆95Dec 24, 2024Updated last year
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• synacktiv / DLHell

  View on GitHub
  Local & remote Windows DLL Proxying
  ☆169Jun 17, 2024Updated last year
• dsnezhkov / shutter

  View on GitHub
  ☆124May 12, 2021Updated 4 years ago