hackerhouse-opensource / WMIProcessWatcherLinks
A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
☆134Updated last year
Alternatives and similar repositories for WMIProcessWatcher
Users that are interested in WMIProcessWatcher are comparing it to the libraries listed below
Sorting:
- ☆108Updated 10 months ago
- ☆121Updated last year
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆179Updated last year
- Analyse MSI files for vulnerabilities☆138Updated last year
- ☆69Updated 7 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework☆124Updated 3 weeks ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆38Updated 7 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated last year
- This project is an implant framework designed for long term persistent access to Windows machines.☆110Updated last year
- Create and enumerate hidden desktops.☆90Updated last year
- ☆161Updated 6 months ago
- Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C☆39Updated 5 years ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 5 months ago
- The different ways to dump lsass☆117Updated last month
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆47Updated last year
- ☆105Updated last year
- ☆157Updated 9 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆86Updated 2 months ago
- Offensive Lua.☆194Updated last year
- Vibe Malware Triage - MCP server for static PE analysis.☆68Updated 4 months ago
- Simple EDR that injects a DLL into a process to place a hook on specific Windows API☆95Updated 2 years ago
- ☆146Updated 10 months ago
- ☆108Updated 2 years ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆52Updated last year
- ☆188Updated last year
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.☆105Updated last year
- ☆156Updated 3 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆317Updated 2 years ago
- ☆134Updated 2 years ago