matterpreter / FindETWProviderImageLinks
Quickly search for references to a GUID in DLLs, EXEs, and drivers
☆74Updated 3 years ago
Alternatives and similar repositories for FindETWProviderImage
Users that are interested in FindETWProviderImage are comparing it to the libraries listed below
Sorting:
- ☆48Updated 5 years ago
- ☆33Updated 3 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53Updated 5 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆103Updated 2 years ago
- ☆75Updated 2 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- ☆45Updated last year
- Process Monitor filter for finding privilege escalation vulnerabilities on Windows☆79Updated 3 years ago
- ☆55Updated 3 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆62Updated 2 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆103Updated 3 years ago
- ☆58Updated 3 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆61Updated 3 years ago
- The repository that complements the From zero to hero: creating a reflective loader in C# workshop☆38Updated 3 years ago
- A module for CME that spiders across a domain.☆35Updated 2 years ago
- MiniDumpWriteDump behavior modification hook☆50Updated 4 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆83Updated 2 years ago
- A fake AMSI Provider which can be used for persistence.☆150Updated 4 years ago
- PE File Blessing - To continue or not to continue☆87Updated 5 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- AMSI Bypass Via the Heap☆107Updated 4 years ago
- RDPThief donut shellcode inject into mstsc☆87Updated 4 years ago
- A simple COM server which provides a component to run shellcode☆135Updated 5 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Updated 2 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆174Updated 2 years ago
- ☆26Updated 4 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆124Updated 4 years ago
- ☆23Updated 3 years ago