mattifestation / AntimalwareBlight
Execute PowerShell code at the antimalware-light protection level.
☆138Updated last year
Related projects ⓘ
Alternatives and complementary repositories for AntimalwareBlight
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆115Updated 2 years ago
- ☆208Updated 2 years ago
- POC for frustrating/defeating Malware Analysts☆150Updated 2 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆111Updated 3 years ago
- A fake AMSI Provider which can be used for persistence.☆139Updated 3 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆135Updated 6 months ago
- You shall pass☆249Updated 2 years ago
- Koppeling x Metatwin x LazySign☆203Updated 3 years ago
- Experiment on reproducing Obfuscate & Sleep☆139Updated 3 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆110Updated last year
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆83Updated 2 years ago
- Hookers are cooler than patches.☆166Updated 2 years ago
- ☆128Updated 2 years ago
- It's pointy and it hurts!☆122Updated 2 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆110Updated last year
- ETW based POC to identify direct and indirect syscalls☆174Updated last year
- Investigation about ACL abusing for Active Directory Certificate Services (AD CS)☆119Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆183Updated 2 years ago
- Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later☆89Updated last year
- RDLL for Cobalt Strike beacon to silence sysmon process☆85Updated 2 years ago
- ☆112Updated 2 years ago
- Infect Shared Files In Memory for Lateral Movement☆192Updated last year
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆163Updated last year
- ☆109Updated 3 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆184Updated 3 years ago
- Simple EDR implementation to demonstrate bypass☆159Updated 4 years ago
- ☆68Updated 2 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆87Updated 2 years ago