matterpreter / FindETWProviderImageLinks
Quickly search for references to a GUID in DLLs, EXEs, and drivers
☆74Updated 3 years ago
Alternatives and similar repositories for FindETWProviderImage
Users that are interested in FindETWProviderImage are comparing it to the libraries listed below
Sorting:
- ☆48Updated 5 years ago
- ☆45Updated last year
- ☆33Updated 3 years ago
- ☆75Updated 2 years ago
- A tool to create COM class/interface relationships in neo4j☆50Updated 2 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆54Updated 5 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆103Updated 2 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆103Updated 3 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆64Updated 2 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- Process Monitor filter for finding privilege escalation vulnerabilities on Windows☆79Updated 4 years ago
- Repo containing my public talks☆23Updated 2 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆61Updated 3 years ago
- ☆59Updated 3 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- Unpacking and decryption tools for the Emotet malware☆47Updated 3 years ago
- A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn☆101Updated 2 years ago
- subTee gists code backups☆36Updated 7 years ago
- ☆55Updated 3 years ago
- Tradecraft Development Fundamentals☆40Updated 3 years ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Updated 2 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆176Updated 2 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- ☆23Updated 3 years ago
- The repository that complements the From zero to hero: creating a reflective loader in C# workshop☆38Updated 3 years ago
- BloodCheck enables Red and Blue Teams to manage multiple Neo4j databases and run Cypher queries against a BloodHound dataset.☆17Updated 4 years ago
- DInvisibleRegistry☆82Updated 4 years ago
- A module for CME that spiders across a domain.☆35Updated 2 years ago