hackerhouse-opensource / WMIProcessWatcherLinks
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
☆137Updated 2 years ago
Alternatives and similar repositories for WMIProcessWatcher
Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below
Sorting:
- ☆121Updated last year
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆181Updated 2 years ago
- ☆106Updated last year
- This project is an implant framework designed for long term persistent access to Windows machines.☆110Updated 2 years ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆50Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆102Updated 9 months ago
- ☆72Updated 11 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆139Updated last year
- Analyse MSI files for vulnerabilities☆140Updated last year
- ☆132Updated 2 years ago
- ☆103Updated last year
- ☆159Updated last year
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆207Updated last year
- ☆192Updated last year
- Offensive Lua.☆222Updated 2 months ago
- "Service-less" driver loading☆167Updated last year
- Create and enumerate hidden desktops.☆88Updated 2 years ago
- ☆124Updated 4 years ago
- ☆107Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆319Updated 2 years ago
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.☆104Updated last year
- Comprehensive Windows Syscall Extraction & Analysis Framework☆160Updated 4 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆119Updated last year
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- ☆161Updated 11 months ago
- A Mythic Agent written in PIC C.☆207Updated 11 months ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆39Updated 10 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆107Updated last year
- ☆181Updated 8 months ago