mattifestation / AntimalwareBlight
Execute PowerShell code at the antimalware-light protection level.
☆137Updated last year
Related projects ⓘ
Alternatives and complementary repositories for AntimalwareBlight
- A fake AMSI Provider which can be used for persistence.☆139Updated 3 years ago
- ☆202Updated 2 years ago
- ☆111Updated 2 years ago
- ☆206Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆134Updated 5 months ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆183Updated 2 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆162Updated last year
- Simple EDR implementation to demonstrate bypass☆159Updated 4 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆115Updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep☆138Updated 3 years ago
- Koppeling x Metatwin x LazySign☆203Updated 3 years ago
- Investigation about ACL abusing for Active Directory Certificate Services (AD CS)☆119Updated 3 years ago
- ☆128Updated 2 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆111Updated 3 years ago
- POC for frustrating/defeating Malware Analysts☆149Updated 2 years ago
- Load any Beacon Object File using Powershell!☆245Updated 2 years ago
- You shall pass☆248Updated 2 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆159Updated last year
- It's pointy and it hurts!☆122Updated 2 years ago
- ☆108Updated 3 years ago
- WNF Code Execution Library Using C#☆108Updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆153Updated 3 years ago
- Hookers are cooler than patches.☆166Updated 2 years ago
- D/Invoke implementation in Nim☆98Updated 2 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆110Updated last year
- Overwrite a process's recovery callback and execute with WER☆102Updated 2 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆184Updated 3 years ago
- Process Monitor filter for finding privilege escalation vulnerabilities on Windows☆78Updated 3 years ago