defender_database
☆24 · Oct 31, 2023 · Updated 2 years ago
Alternatives and similar repositories for defender-database-extract
Users that are interested in defender-database-extract are comparing it to the libraries listed below
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules ☆144 · Updated this week
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API ☆26 · Apr 24, 2022 · Updated 3 years ago
- GraalVM NativeImage Decompilation/Reverse Tool ☆26 · Jan 21, 2024 · Updated 2 years ago
- Doesn't work and won't work on it anymore ☆10 · Jul 8, 2024 · Updated last year
- Interact with Windows RPC Services over SMB using go-smb ☆11 · Feb 27, 2026 · Updated last week
- (no description) ☆59 · Oct 17, 2024 · Updated last year
- SamrSearch can get user info and group info with MS-SAMR. ☆15 · Feb 15, 2022 · Updated 4 years ago
- arm64 Linux position-independent shellcode framework ☆30 · Dec 12, 2025 · Updated 2 months ago
- About how to make an anti-virus engine ☆106 · May 22, 2025 · Updated 9 months ago
- Extracted Lua scripts from Defender mpavbase.vdm and mpasbase.vdm ☆16 · Jul 5, 2024 · Updated last year
- Rootkit and anti-rootkit on the Windows platform ☆14 · Apr 30, 2024 · Updated last year
- (no description) ☆15 · Jul 22, 2022 · Updated 3 years ago
- (no description) ☆43 · Nov 18, 2024 · Updated last year
- (no description) ☆20 · Oct 14, 2024 · Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆63 · Mar 19, 2024 · Updated last year
- (no description) ☆24 · Jul 15, 2023 · Updated 2 years ago
- Simple tool to dump/hide services in the services.exe process. ☆14 · Apr 22, 2022 · Updated 3 years ago
- Unused DLL hollowing PoC in Nim ☆17 · Jan 31, 2022 · Updated 4 years ago
- Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine ☆41 · Jul 29, 2025 · Updated 7 months ago
- CLI tool to compute the TypeRefHash for .NET binaries. ☆19 · Nov 10, 2021 · Updated 4 years ago
- Windows driver template, using C++20, CMake and GitHub Actions ☆25 · Aug 9, 2024 · Updated last year
- Windows Defender VDM Lua collections ☆48 · Oct 30, 2022 · Updated 3 years ago
- Extract Windows Defender database from VDM files and unpack it ☆476 · Feb 23, 2026 · Updated last week
- (no description) ☆57 · Jan 15, 2024 · Updated 2 years ago
- Experiment to use sections as a user/kernel-mode communication vector ☆22 · Apr 7, 2023 · Updated 2 years ago
- Reproduction of "The Nightmare of EDR: Storm-0978 Uses a New Kernel Injection Technique, 'Step Bear'" ☆161 · Oct 27, 2024 · Updated last year
- Experiments ☆478 · Oct 3, 2024 · Updated last year
- RISC-V disassembler for IDA Pro ☆25 · Mar 26, 2017 · Updated 8 years ago
- Command-line tool to print mitigation flags for running processes in a memory dump ☆47 · Sep 18, 2020 · Updated 5 years ago
- (no description) ☆29 · Nov 22, 2023 · Updated 2 years ago
- Modified version of Impacket to use dynamic NTLMv2 Challenge/Response ☆20 · Dec 26, 2022 · Updated 3 years ago
- Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll; DllMain is Cobalt Strike UDRL-compatible ☆270 · Jun 18, 2025 · Updated 8 months ago
- Labyrinth, an LLVM obfuscation plugin for the New Pass Manager ☆44 · Feb 23, 2025 · Updated last year
- Hades is a Host-Based Intrusion Detection System based on both eBPF (kernel) and netlink/cn_proc (userspace). ☆28 · Dec 14, 2024 · Updated last year
- Windows CVE proactive defense (HIPS/HIDS) ☆57 · Apr 29, 2021 · Updated 4 years ago
- User-mode hooking implemented with Intel virtualization features ☆65 · Sep 11, 2025 · Updated 5 months ago
- Finds imports that could be exploited; still requires manual analysis. ☆29 · Nov 9, 2022 · Updated 3 years ago
- rpv-web is a browser-based frontend for the rpv library ☆27 · Nov 21, 2025 · Updated 3 months ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class ☆27 · Sep 15, 2023 · Updated 2 years ago