ignacioj / WhacAMole

Related projects ⓘ

Alternatives and complementary repositories for WhacAMole

• BinaryDefense / YaraMemoryScanner
  Simple PowerShell script to enable process scanning with Yara.
  ☆90Updated 2 years ago
• matterpreter / FindETWProviderImage
  Quickly search for references to a GUID in DLLs, EXEs, and drivers
  ☆60Updated 2 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• Immersive-Labs-Sec / BruteRatel-DetectionTools
  A collection of Tools and Rules for decoding Brute Ratel C4 badgers
  ☆62Updated 2 years ago
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆86Updated 2 years ago
• naksyn / talks
  Repo containing my public talks
  ☆22Updated last year
• ACE-Responder / ace-proctree
  Create a cool process tree like https://twitter.com/ACEResponder.
  ☆34Updated last year
• codewhitesec / SysmonEnte
  ☆68Updated 2 years ago
• jsecurity101 / LDAPMon
  ☆44Updated last year
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆38Updated last year
• Dramelac / GoldenCopy
  Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.
  ☆80Updated 6 months ago
• Pascal-0x90 / sideloadr
  Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).
  ☆53Updated 2 years ago
• RomaissaAdjailia / Get-AppLockerEventlog
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆30Updated 2 years ago
• AhmedKamal1432 / Evilize
  Triaging Windows event logs based on SANS Poster
  ☆37Updated last year
• Tylous / Slides
  ☆37Updated 7 months ago
• mvelazc0 / SharpShareFinder
  SharpShareFinder is a minimalistic network share discovery POC designed to enumerate shares in Windows Active Directory networks leveragi…
  ☆21Updated 4 months ago
• RedSiege / What-The-F
  This repo hosts a poc of how to execute F# code within an unmanaged process
  ☆65Updated 5 months ago
• nullsection / SharpETW-Patch
  ☆22Updated 11 months ago
• mgeeky / msi-shenanigans
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆77Updated last year
• deepinstinct / AMSI-Unchained
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆88Updated 2 years ago
• embee-research / Yara-detection-rules
  Yara Rules for Modern Malware
  ☆68Updated 8 months ago
• ashemery / REDM
  Reverse Engineering and Debugging Malware
  ☆30Updated last year
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆51Updated 2 years ago
• wietze / windows-dll-env-hijacking
  Project for identifying executables and DLLs vulnerable to environment-variable based DLL hijacking.
  ☆57Updated 2 years ago
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆83Updated 2 years ago
• woanware / etw-event-dumper
  ☆31Updated 2 years ago
• EspressoCake / Process_Protection_Level_BOF
  ☆51Updated 3 years ago
• 0xthirteen / AssemblyHunter
  Find .net assemblies locally
  ☆92Updated 2 years ago