All materials from our Black Hat 2018 "Subverting Sysmon" talk
☆135Aug 10, 2018Updated 7 years ago
Alternatives and similar repositories for BHUSA2018_Sysmon
Users that are interested in BHUSA2018_Sysmon are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆54Aug 13, 2018Updated 7 years ago
- ☆350Mar 19, 2021Updated 5 years ago
- ☆230May 10, 2018Updated 8 years ago
- Sysmon Tools for PowerShell☆233Aug 17, 2018Updated 7 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Remote Recon and Collection☆461Nov 23, 2017Updated 8 years ago
- Proof of concept of VMSA-2017-0012☆41Jul 27, 2017Updated 8 years ago
- Powershell script for enumerating vulnerable DCOM Applications☆266Nov 30, 2018Updated 7 years ago
- SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approa…☆288Aug 7, 2020Updated 5 years ago
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019.☆92Feb 24, 2019Updated 7 years ago
- A Bring Your Own Land Toolkit that Doubles as a WMI Provider☆289Oct 31, 2018Updated 7 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Jul 18, 2019Updated 6 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆63Aug 16, 2020Updated 5 years ago
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Feb 26, 2026Updated 3 months ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- Lateral Movement technique using DCOM and HTA☆234Oct 18, 2022Updated 3 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆321Jun 5, 2017Updated 8 years ago
- BlackHat Europe 2017 Slides☆25Feb 15, 2018Updated 8 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆940Dec 12, 2023Updated 2 years ago
- .NET tool for enumeration processes and dumping memory.☆56Apr 4, 2019Updated 7 years ago
- A tool to run .Net DLLs from the command line☆105Oct 23, 2018Updated 7 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Dec 26, 2018Updated 7 years ago
- A PoC Java Stager which can download, compile, and execute a Java file in memory.☆108Aug 6, 2018Updated 7 years ago
- Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.☆142Mar 7, 2018Updated 8 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Extract OLEv1 objects from RTF files by instrumenting Word☆48Nov 19, 2019Updated 6 years ago
- 🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage☆365Mar 4, 2026Updated 2 months ago
- A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.☆42Nov 10, 2018Updated 7 years ago
- A PoC WMI backdoor presented at Black Hat 2015☆277Aug 10, 2015Updated 10 years ago
- crash poc & Leak info PoC☆16Mar 19, 2018Updated 8 years ago
- SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.☆110Jan 20, 2021Updated 5 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Kerberos accounts enumeration taking advantage of AS-REQ☆43Apr 25, 2018Updated 8 years ago
- PowerShell cmdlet to push PowerShell attack modules to a remote system via PSRemoting and if required enable WinRM remotely.☆28Sep 13, 2016Updated 9 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Reflective Polymorphism☆109Jun 29, 2018Updated 7 years ago
- All TMF files that I extracted from Microsoft PDBs.☆14Jun 29, 2019Updated 6 years ago
- Chakra vulnerability and exploit bypass all system mitigation☆81Jun 9, 2018Updated 7 years ago
- Enumerate all processes and get specified file's handle,then close it.☆12Jul 2, 2018Updated 7 years ago
- An Insider Threat Toolkit☆156Dec 17, 2018Updated 7 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆431Dec 22, 2023Updated 2 years ago
- PowerShell Runspace Post Exploitation Toolkit☆1,550Aug 2, 2019Updated 6 years ago