hackerhouse-opensource / WMIProcessWatcher
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
☆131 · Updated last year
Alternatives and similar repositories for WMIProcessWatcher:
Users who are interested in WMIProcessWatcher are comparing it to the libraries listed below.
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr… (☆174 · Updated last year)
- (unnamed repository) (☆104 · Updated 3 months ago)
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. (☆332 · Updated 7 months ago)
- Comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… (☆193 · Updated 7 months ago)
- (unnamed repository) (☆137 · Updated last month)
- (unnamed repository) (☆184 · Updated last year)
- (unnamed repository) (☆112 · Updated last year)
- (unnamed repository) (☆105 · Updated 6 months ago)
- A Mythic Agent written in PIC C. (☆171 · Updated 2 weeks ago)
- "Service-less" driver loading (☆150 · Updated 2 months ago)
- (unnamed repository) (☆137 · Updated 6 months ago)
- Collect Windows telemetry for Maldev (☆278 · Updated last week)
- (unnamed repository) (☆96 · Updated 2 months ago)
- A PoC of the ContainYourself research presented at DEFCON 31, which abuses the Windows containers framework to bypass EDRs. (☆306 · Updated last year)
- Tools for analyzing EDR agents (☆218 · Updated 7 months ago)
- Slides & code snippets for a workshop held @ x33fcon 2024 (☆250 · Updated 7 months ago)
- StoneKeeper C2, an experimental EDR evasion framework for research purposes (☆159 · Updated last month)
- Offensive Lua. (☆179 · Updated last year)
- (unnamed repository) (☆155 · Updated 8 months ago)
- A collection of small scripts and tools for deobfuscation and malware analysis. (☆65 · Updated last year)
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… (☆219 · Updated 4 months ago)
- (unnamed repository) (☆106 · Updated last year)
- Blocks EDR telemetry by performing a Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… (☆141 · Updated 6 months ago)
- EDRSandblast-GodFault (☆248 · Updated last year)
- This project is an implant framework designed for long-term persistent access to Windows machines. (☆111 · Updated last year)
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions (☆216 · Updated last month)
- Early cascade injection PoC based on Outflank's blog post (☆196 · Updated 2 months ago)
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. (☆131 · Updated 8 months ago)
- Hide your P/Invoke signatures through other people's signed assemblies (☆202 · Updated 10 months ago)
- Source generator to add D/Invoke and indirect syscall methods to a C# project. (☆173 · Updated 10 months ago)