hackerhouse-opensource / WMIProcessWatcherLinks
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
☆135Updated last year
Alternatives and similar repositories for WMIProcessWatcher
Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below
Sorting:
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆175Updated last year
- ☆107Updated 7 months ago
- ☆105Updated 10 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆141Updated 10 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆200Updated 11 months ago
- ☆158Updated last month
- Analyse MSI files for vulnerabilities☆131Updated 9 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆314Updated last year
- Hide your P/Invoke signatures through other people's signed assemblies☆211Updated last year
- ☆155Updated 5 months ago
- A Mythic Agent written in PIC C.☆188Updated 4 months ago
- Sleep obfuscation☆224Updated 5 months ago
- ☆68Updated 4 months ago
- kernel callback removal (Bypassing EDR Detections)☆167Updated 2 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆342Updated 3 months ago
- ☆131Updated last year
- ☆119Updated last year
- early cascade injection PoC based on Outflanks blog post☆218Updated 7 months ago
- Injecting DLL into LSASS at boot☆113Updated last month
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆109Updated 8 months ago
- ☆188Updated last year
- A set of programs for analyzing common vulnerabilities in COM☆215Updated 8 months ago
- Tools for analyzing EDR agents☆228Updated 11 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆147Updated last year
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 2 months ago
- ☆166Updated 10 months ago
- A POC to disable TamperProtection and other Defender / MDE components☆220Updated last year
- ☆107Updated 2 years ago