All materials from our Black Hat 2018 "Subverting Sysmon" talk
☆135Aug 10, 2018Updated 7 years ago
Alternatives and similar repositories for BHUSA2018_Sysmon
Users that are interested in BHUSA2018_Sysmon are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆54Aug 13, 2018Updated 7 years ago
- ☆350Mar 19, 2021Updated 5 years ago
- ☆230May 10, 2018Updated 8 years ago
- Sysmon Tools for PowerShell☆233Aug 17, 2018Updated 7 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 6 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Remote Recon and Collection☆461Nov 23, 2017Updated 8 years ago
- Proof of concept of VMSA-2017-0012☆41Jul 27, 2017Updated 8 years ago
- Powershell script for enumerating vulnerable DCOM Applications☆267Nov 30, 2018Updated 7 years ago
- SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approa…☆288Aug 7, 2020Updated 5 years ago
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019.☆92Feb 24, 2019Updated 7 years ago
- A Bring Your Own Land Toolkit that Doubles as a WMI Provider☆289Oct 31, 2018Updated 7 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Jul 18, 2019Updated 6 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆63Aug 16, 2020Updated 5 years ago
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Feb 26, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Lateral Movement technique using DCOM and HTA☆234Oct 18, 2022Updated 3 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.☆321Jun 5, 2017Updated 9 years ago
- BlackHat Europe 2017 Slides☆25Feb 15, 2018Updated 8 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆943Dec 12, 2023Updated 2 years ago
- .NET tool for enumeration processes and dumping memory.☆56Apr 4, 2019Updated 7 years ago
- A tool to run .Net DLLs from the command line☆105Oct 23, 2018Updated 7 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Dec 26, 2018Updated 7 years ago
- A PoC Java Stager which can download, compile, and execute a Java file in memory.☆108Aug 6, 2018Updated 7 years ago
- Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.☆142Mar 7, 2018Updated 8 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Extract OLEv1 objects from RTF files by instrumenting Word☆48Nov 19, 2019Updated 6 years ago
- 🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage☆365Mar 4, 2026Updated 3 months ago
- A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.☆42Nov 10, 2018Updated 7 years ago
- A PoC WMI backdoor presented at Black Hat 2015☆277Aug 10, 2015Updated 10 years ago
- crash poc & Leak info PoC☆16Mar 19, 2018Updated 8 years ago
- SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.☆110Jan 20, 2021Updated 5 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Kerberos accounts enumeration taking advantage of AS-REQ☆43Apr 25, 2018Updated 8 years ago
- PowerShell cmdlet to push PowerShell attack modules to a remote system via PSRemoting and if required enable WinRM remotely.☆28Sep 13, 2016Updated 9 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Reflective Polymorphism☆109Jun 29, 2018Updated 7 years ago
- All TMF files that I extracted from Microsoft PDBs.☆14Jun 29, 2019Updated 6 years ago
- Chakra vulnerability and exploit bypass all system mitigation☆81Jun 9, 2018Updated 8 years ago
- Enumerate all processes and get specified file's handle,then close it.☆12Jul 2, 2018Updated 7 years ago
- An Insider Threat Toolkit☆156Dec 17, 2018Updated 7 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆431Dec 22, 2023Updated 2 years ago
- PowerShell Runspace Post Exploitation Toolkit☆1,549Aug 2, 2019Updated 6 years ago