Shim database persistence (Fin7 TTP)
[☆37, Feb 25, 2020, updated 6 years ago]
Alternatives and similar repositories for ShimDB
Users interested in ShimDB are comparing it to the repositories listed below.
- [☆28, Dec 28, 2017, updated 8 years ago]
- Windows x64 Process Scanner to detect application compatibility shims [☆37, Oct 17, 2018, updated 7 years ago]
- Ps1jacker is a tool for generating COM Hijacking payloads. [☆60, Feb 11, 2025, updated last year]
- [☆18, Jul 4, 2019, updated 6 years ago]
- Generate bulk YARA rules from YAML input [☆22, Feb 3, 2020, updated 6 years ago]
- Run commands over RDP on a massive number of hosts [☆11, Nov 26, 2018, updated 7 years ago]
- Registry Miner [☆14, Apr 10, 2018, updated 7 years ago]
- Get USB devices from Registry hives [☆22, Nov 15, 2021, updated 4 years ago]
- Windows (ShadowMove) Socket Duplication [☆88, Apr 19, 2020, updated 5 years ago]
- IDA Pro plugin that renames functions on load, based on functionality [☆19, Mar 9, 2018, updated 8 years ago]
- Python script to automatically create Sigma rules from TheHive observables [☆25, Mar 17, 2019, updated 7 years ago]
- C# alternative to the Linux "cat" command. Prints file contents to the console. For use with Cobalt Strike's Execute-Assembly [☆15, Jul 15, 2021, updated 4 years ago]
- PoC of how to prevent a WinDbg break [☆15, Oct 3, 2022, updated 3 years ago]
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) [☆110, Jan 26, 2021, updated 5 years ago]
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed [☆16, Jun 20, 2016, updated 9 years ago]
- Tool to view and create Microsoft shim database files (SDB). [☆119, May 11, 2017, updated 8 years ago]
- [☆22, Jul 7, 2017, updated 8 years ago]
- Some eternal WIP stuff :) [☆21, Nov 18, 2025, updated 4 months ago]
- Server for receiving autorun data from the clients [☆13, Sep 26, 2017, updated 8 years ago]
- Methods of C2 [☆22, Jul 15, 2015, updated 10 years ago]
- Technical Notes [☆16, Dec 1, 2017, updated 8 years ago]
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook [☆13, May 30, 2024, updated last year]
- A repo to hold some scripts pertaining to WMI (the Windows implementation of WBEM) forensics [☆88, Oct 6, 2017, updated 8 years ago]
- NimSkrull is an adaptation of the original Skrull malware anti-copy DRM. Only for the anti-copy feature. (https://github.com/aaaddress1/S… [☆13, May 20, 2023, updated 2 years ago]
- Antivirus Emulator Fingerprints [☆30, Oct 12, 2018, updated 7 years ago]
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i… [☆29, May 5, 2018, updated 7 years ago]
- Example of a serverless web reconnaissance workflow's AWS architecture. [☆11, Feb 25, 2023, updated 3 years ago]
- [☆34, Aug 14, 2023, updated 2 years ago]
- PowerShell module to play with Kerberos S4U extensions [☆52, Apr 2, 2017, updated 8 years ago]
- Duo MFA auditing tool to test users' likelihood of approving unexpected push notifications [☆13, Apr 20, 2018, updated 7 years ago]
- Registry to JSON. This project is for learning purposes and is not maintained. [☆12, Dec 28, 2021, updated 4 years ago]
- AIDA64DRIVER Elevation of Privilege Vulnerability [☆16, Oct 25, 2024, updated last year]
- Exploitation script for CVE-2020-0688, "Microsoft Exchange default MachineKeySection deserialize vulnerability" [☆11, Apr 1, 2020, updated 5 years ago]
- [☆23, May 28, 2021, updated 4 years ago]
- The code is a pingback to the Dark Vortex blog: [☆186, Jan 26, 2023, updated 3 years ago]
- Run PowerShell remotely from the CLI [☆11, May 1, 2016, updated 9 years ago]
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original… [☆97, Sep 26, 2019, updated 6 years ago]
- A Python script that can be used to scan data within an IDB using YARA. [☆23, Sep 4, 2018, updated 7 years ago]
- Ready-to-use headers for Windows Kernel SSDT indices [☆11, Apr 12, 2020, updated 5 years ago]