mattifestation / BHUSA2018_SysmonView external linksLinks
All materials from our Black Hat 2018 "Subverting Sysmon" talk
☆135Aug 10, 2018Updated 7 years ago
Alternatives and similar repositories for BHUSA2018_Sysmon
Users that are interested in BHUSA2018_Sysmon are comparing it to the libraries listed below
Sorting:
- ☆54Aug 13, 2018Updated 7 years ago
- ☆349Mar 19, 2021Updated 4 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- ☆230May 10, 2018Updated 7 years ago
- Remote Recon and Collection☆459Nov 23, 2017Updated 8 years ago
- Powershell script for enumerating vulnerable DCOM Applications☆266Nov 30, 2018Updated 7 years ago
- Proof of concept of VMSA-2017-0012☆41Jul 27, 2017Updated 8 years ago
- Sysmon Tools for PowerShell☆232Aug 17, 2018Updated 7 years ago
- SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approa…☆290Aug 7, 2020Updated 5 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Jul 18, 2019Updated 6 years ago
- A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.☆42Nov 10, 2018Updated 7 years ago
- Kerberos accounts enumeration taking advantage of AS-REQ☆43Apr 25, 2018Updated 7 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Dec 26, 2018Updated 7 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆322Jun 5, 2017Updated 8 years ago
- crash poc & Leak info PoC☆18Mar 19, 2018Updated 7 years ago
- .NET tool for enumeration processes and dumping memory.☆57Apr 4, 2019Updated 6 years ago
- Enumerate all processes and get specified file's handle,then close it.☆12Jul 2, 2018Updated 7 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆62Aug 16, 2020Updated 5 years ago
- Extract OLEv1 objects from RTF files by instrumenting Word☆49Nov 19, 2019Updated 6 years ago
- BlackHat Europe 2017 Slides☆25Feb 15, 2018Updated 8 years ago
- A PoC Java Stager which can download, compile, and execute a Java file in memory.☆108Aug 6, 2018Updated 7 years ago
- Chakra vulnerability and exploit bypass all system mitigation☆82Jun 9, 2018Updated 7 years ago
- A Bring Your Own Land Toolkit that Doubles as a WMI Provider☆289Oct 31, 2018Updated 7 years ago
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019.☆94Feb 24, 2019Updated 6 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Memory Backed Powershell WebDav Server☆138Mar 7, 2021Updated 4 years ago
- Lateral Movement technique using DCOM and HTA☆235Oct 18, 2022Updated 3 years ago
- 🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage☆359Updated this week
- SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.☆110Jan 20, 2021Updated 5 years ago
- ☆164May 18, 2018Updated 7 years ago
- Windows log and threat hunting with powershell☆16Dec 11, 2020Updated 5 years ago
- Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.☆141Mar 7, 2018Updated 7 years ago
- An Insider Threat Toolkit☆155Dec 17, 2018Updated 7 years ago
- Automate AV evasion by calling AMSI☆88May 31, 2023Updated 2 years ago
- ☆18May 18, 2018Updated 7 years ago
- Various C# projects for offensive security☆111Nov 14, 2019Updated 6 years ago
- FCL (Fileless Command Lines) - Known command lines of fileless malicious executions☆477Apr 8, 2021Updated 4 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- A tool to run .Net DLLs from the command line☆105Oct 23, 2018Updated 7 years ago