matterpreter / FindETWProviderImageLinks
Quickly search for references to a GUID in DLLs, EXEs, and drivers
☆75Updated 3 years ago
Alternatives and similar repositories for FindETWProviderImage
Users that are interested in FindETWProviderImage are comparing it to the libraries listed below
Sorting:
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- Process Monitor filter for finding privilege escalation vulnerabilities on Windows☆79Updated 4 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆64Updated 3 years ago
- ☆74Updated 2 years ago
- ☆33Updated 3 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆103Updated 2 years ago
- Specialized tool to dump Position Independent Code.☆22Updated 5 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Updated 3 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆87Updated 3 years ago
- PE File Blessing - To continue or not to continue☆87Updated 5 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆54Updated 5 years ago
- ☆48Updated 5 years ago
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆110Updated 4 years ago
- ☆45Updated last year
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆61Updated 3 years ago
- ☆37Updated 3 years ago
- ☆55Updated 3 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆107Updated 3 years ago
- A tool to create COM class/interface relationships in neo4j☆50Updated 2 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post☆122Updated 4 years ago
- RDPThief donut shellcode inject into mstsc☆87Updated 4 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆89Updated 2 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆103Updated 3 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆118Updated 4 years ago
- AdHoc solutions☆48Updated last year
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆178Updated 2 years ago
- It's pointy and it hurts!☆126Updated 2 years ago
- Simple EDR implementation to demonstrate bypass☆173Updated 5 years ago