jsecurity101 / ETWInspector
☆150 · Updated 4 months ago
Related projects:
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider ☆157 · Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆105 · Updated 2 months ago
- Tools for analyzing EDR agents ☆200 · Updated 3 months ago
- EDRSandblast-GodFault ☆239 · Updated last year
- ETW based POC to identify direct and indirect syscalls ☆170 · Updated last year
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. ☆114 · Updated 2 years ago
- This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities. ☆64 · Updated 2 weeks ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue ☆92 · Updated 5 months ago
- Detect EDR's exceptions by inspecting processes' loaded modules ☆120 · Updated 6 months ago
- VBScript & VBA source-to-source deobfuscator with partial-evaluation ☆72 · Updated last month
- Enumerate various traits from Windows processes as an aid to threat hunting ☆180 · Updated 2 years ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆272 · Updated last month
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! ☆80 · Updated last year
- Exploitation of process killer drivers ☆182 · Updated 11 months ago
- Recon 2023 slides and code ☆77 · Updated last year
- Execute PowerShell code at the antimalware-light protection level. ☆135 · Updated last year
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI. ☆131 · Updated 8 months ago
- A collection of tools, scripts and personal research ☆104 · Updated 2 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆121 · Updated last month