All materials from our Black Hat 2018 "Subverting Sysmon" talk
☆135Aug 10, 2018Updated 7 years ago
Alternatives and similar repositories for BHUSA2018_Sysmon
Users that are interested in BHUSA2018_Sysmon are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆54Aug 13, 2018Updated 7 years ago
- ☆349Mar 19, 2021Updated 5 years ago
- ☆229May 10, 2018Updated 7 years ago
- Sysmon Tools for PowerShell☆233Aug 17, 2018Updated 7 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- Remote Recon and Collection☆460Nov 23, 2017Updated 8 years ago
- Proof of concept of VMSA-2017-0012☆41Jul 27, 2017Updated 8 years ago
- Powershell script for enumerating vulnerable DCOM Applications☆265Nov 30, 2018Updated 7 years ago
- SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approa…☆290Aug 7, 2020Updated 5 years ago
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019.☆94Feb 24, 2019Updated 7 years ago
- A Bring Your Own Land Toolkit that Doubles as a WMI Provider☆289Oct 31, 2018Updated 7 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Jul 18, 2019Updated 6 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆64Aug 16, 2020Updated 5 years ago
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Feb 26, 2026Updated last month
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Lateral Movement technique using DCOM and HTA☆235Oct 18, 2022Updated 3 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆321Jun 5, 2017Updated 8 years ago
- BlackHat Europe 2017 Slides☆25Feb 15, 2018Updated 8 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆938Dec 12, 2023Updated 2 years ago
- .NET tool for enumeration processes and dumping memory.☆57Apr 4, 2019Updated 6 years ago
- A tool to run .Net DLLs from the command line☆105Oct 23, 2018Updated 7 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Dec 26, 2018Updated 7 years ago
- A PoC Java Stager which can download, compile, and execute a Java file in memory.☆108Aug 6, 2018Updated 7 years ago
- Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.☆141Mar 7, 2018Updated 8 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Extract OLEv1 objects from RTF files by instrumenting Word☆50Nov 19, 2019Updated 6 years ago
- 🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage☆363Mar 4, 2026Updated 3 weeks ago
- A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.☆42Nov 10, 2018Updated 7 years ago
- A PoC WMI backdoor presented at Black Hat 2015☆276Aug 10, 2015Updated 10 years ago
- crash poc & Leak info PoC☆17Mar 19, 2018Updated 8 years ago
- SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.☆110Jan 20, 2021Updated 5 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Kerberos accounts enumeration taking advantage of AS-REQ☆43Apr 25, 2018Updated 7 years ago
- PowerShell cmdlet to push PowerShell attack modules to a remote system via PSRemoting and if required enable WinRM remotely.☆28Sep 13, 2016Updated 9 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- Reflective Polymorphism☆109Jun 29, 2018Updated 7 years ago
- All TMF files that I extracted from Microsoft PDBs.☆14Jun 29, 2019Updated 6 years ago
- Chakra vulnerability and exploit bypass all system mitigation☆82Jun 9, 2018Updated 7 years ago
- Enumerate all processes and get specified file's handle,then close it.☆12Jul 2, 2018Updated 7 years ago
- An Insider Threat Toolkit☆156Dec 17, 2018Updated 7 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆430Dec 22, 2023Updated 2 years ago
- PowerShell Runspace Post Exploitation Toolkit☆1,548Aug 2, 2019Updated 6 years ago