matterpreter / FindETWProviderImage
Quickly search for references to a GUID in DLLs, EXEs, and drivers
☆74Updated 3 years ago
Alternatives and similar repositories for FindETWProviderImage:
Users that are interested in FindETWProviderImage are comparing it to the libraries listed below
- ☆47Updated 5 years ago
- ☆33Updated 3 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆62Updated 2 years ago
- ☆45Updated last year
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆52Updated 4 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- ☆75Updated 2 years ago
- Simple PowerShell script to enable process scanning with Yara.☆93Updated 2 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆103Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆170Updated 2 years ago
- Process Monitor filter for finding privilege escalation vulnerabilities on Windows☆79Updated 3 years ago
- ☆57Updated 3 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆100Updated 2 years ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆55Updated 2 years ago
- A tool to create COM class/interface relationships in neo4j☆48Updated 2 years ago
- A module for CME that spiders across a domain.☆35Updated 2 years ago
- The repository that complements the From zero to hero: creating a reflective loader in C# workshop☆38Updated 3 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- A simple COM server which provides a component to run shellcode☆133Updated 4 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123Updated 3 years ago
- ☆20Updated 3 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- pypykatz plugin for volatility3 framework☆39Updated last year
- PE File Blessing - To continue or not to continue☆86Updated 5 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆61Updated 3 years ago
- Specialized tool to dump Position Independent Code.☆21Updated 4 years ago
- BloodCheck enables Red and Blue Teams to manage multiple Neo4j databases and run Cypher queries against a BloodHound dataset.☆17Updated 3 years ago
- ☆55Updated 3 years ago
- Repo containing my public talks☆23Updated last year