hackerhouse-opensource / WMIProcessWatcher
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
☆134 · Updated last year
Alternatives and similar repositories for WMIProcessWatcher
Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr… ☆173 · Updated last year
- A collection of small scripts and tools for deobfuscation and malware analysis. ☆66 · Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆339 · Updated 3 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆109 · Updated 8 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆141 · Updated 9 months ago
- This project is an implant framework designed for long term persistent access to Windows machines. ☆110 · Updated last year
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆311 · Updated last year
- kernel callback removal (Bypassing EDR Detections) ☆162 · Updated last month
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆237 · Updated last month
- Analyse MSI files for vulnerabilities ☆130 · Updated 8 months ago
- "Service-less" driver loading ☆154 · Updated 5 months ago
- Windows rootkit designed to work with BYOVD exploits ☆198 · Updated 3 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆198 · Updated 11 months ago
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities. ☆78 · Updated 8 months ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆116 · Updated 10 months ago
- early cascade injection PoC based on Outflanks blog post ☆214 · Updated 6 months ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆228 · Updated last year
- Command and Control (C2) framework ☆126 · Updated last year
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers. ☆100 · Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆258 · Updated 10 months ago