matterpreter / FindETWProviderImageLinks
Quickly search for references to a GUID in DLLs, EXEs, and drivers
☆74Updated 3 years ago
Alternatives and similar repositories for FindETWProviderImage
Users that are interested in FindETWProviderImage are comparing it to the libraries listed below
Sorting:
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- Process Monitor filter for finding privilege escalation vulnerabilities on Windows☆79Updated 4 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆103Updated 2 years ago
- ☆48Updated 5 years ago
- ☆74Updated 2 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆64Updated 3 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆54Updated 5 years ago
- Specialized tool to dump Position Independent Code.☆22Updated 4 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post☆121Updated 4 years ago
- ☆55Updated 3 years ago
- ☆45Updated last year
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 3 years ago
- ☆33Updated 3 years ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Updated 2 years ago
- Simple EDR implementation to demonstrate bypass☆173Updated 5 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆102Updated 3 years ago
- AdHoc solutions☆48Updated last year
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Updated 2 years ago
- PE File Blessing - To continue or not to continue☆87Updated 5 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123Updated 4 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆89Updated 2 years ago
- RDPThief donut shellcode inject into mstsc☆87Updated 4 years ago
- A module for CME that spiders across a domain.☆35Updated 3 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- The repository accompanying the Buer Emulation workshop☆24Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆178Updated 2 years ago
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆109Updated 4 years ago
- DInvisibleRegistry☆82Updated 4 years ago
- A tool to create COM class/interface relationships in neo4j☆50Updated 2 years ago