hfiref0x / WDExtractLinks
Extract Windows Defender database from vdm files and unpack it
☆440Updated 5 years ago
Alternatives and similar repositories for WDExtract
Users that are interested in WDExtract are comparing it to the libraries listed below
Sorting:
- Expriments☆458Updated 8 months ago
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.☆321Updated last year
- This is a simple example and explanation of obfuscating API resolution via hashing☆235Updated 5 years ago
- Universal Unhooking☆321Updated 6 years ago
- Just another Windows Process Injection☆399Updated 4 years ago
- Tools for instrumenting Windows Defender's mpengine.dll☆298Updated 6 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆563Updated 2 years ago
- A more stealthy variant of "DLL hollowing"☆347Updated last year
- My implementation of enSilo's Process Doppelganging (PE injection technique)☆610Updated 2 years ago
- This respository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f…☆278Updated 5 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆299Updated last year
- Yet another variant of Process Hollowing☆395Updated 4 months ago
- A way to delete a locked file, or current running executable, on disk.☆531Updated 10 months ago
- Research on Anti-malware and other related security solutions☆259Updated 4 years ago
- An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security☆324Updated 7 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.☆420Updated 5 years ago
- Quickly debug shellcode extracted during malware analysis☆602Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆660Updated last year
- Adaptive DLL hijacking / dynamic export forwarding☆755Updated 4 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆408Updated 4 years ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆702Updated 4 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆797Updated 4 years ago
- Demos of various (also non standard) persistence methods used by malware☆221Updated 2 years ago
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls☆332Updated 3 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆604Updated 7 years ago
- Dump of win32k POCs for bugs I've found☆375Updated 3 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆549Updated last year
- Obfuscate specific windows apis with different apis☆1,000Updated 4 years ago
- ☆398Updated 8 years ago
- This is a standalone exploit for a vulnerable feature in Capcom.sys☆304Updated 2 years ago