mattifestation / WDACPolicies
A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies
☆64 · Dec 18, 2023 · Updated 2 years ago
Alternatives and similar repositories for WDACPolicies
Users interested in WDACPolicies are comparing it to the repositories listed below.
- Documentation and tools to access Windows Defender Application Control (WDAC) technology. ☆254 · Feb 5, 2026 · Updated last week
- Documentation and supporting script sample for Windows Exploit Guard ☆169 · Sep 8, 2025 · Updated 5 months ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication ☆129 · Nov 15, 2016 · Updated 9 years ago
- EventList ☆376 · Mar 21, 2021 · Updated 4 years ago
- Appendix resources for Intrinsec's "Amélioration des capacités de détection" ("Improving detection capabilities") handbook. ☆13 · Mar 26, 2018 · Updated 7 years ago
- Babel-Shellfish deobfuscates and scans PowerShell scripts in real time, right before each line executes. ☆43 · Nov 10, 2018 · Updated 7 years ago
- PoSh BloodHound Dog Whisperer ☆193 · May 23, 2023 · Updated 2 years ago
- PowerShell script to find 'vulnerable' security-related GPOs that should be hardened ☆198 · Jun 1, 2018 · Updated 7 years ago
- Repository for my ATT&CK analysis research. ☆71 · May 16, 2019 · Updated 6 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses ☆114 · May 27, 2017 · Updated 8 years ago
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions ☆329 · May 2, 2024 · Updated last year
- An intercepting proxy, based on Netty ☆19 · Sep 14, 2017 · Updated 8 years ago
- Short Python script for parsing Defender VDM signature files. ☆10 · Sep 22, 2024 · Updated last year
- A PowerShell module to assist in parsing and managing catalog files. ☆22 · Jan 12, 2017 · Updated 9 years ago
- Experiments on Windows internals ☆31 · Sep 22, 2019 · Updated 6 years ago
- (no description) ☆21 · Dec 4, 2014 · Updated 11 years ago
- (no description) ☆10 · May 30, 2025 · Updated 8 months ago
- CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution ☆30 · Jan 13, 2026 · Updated last month
- Robust and practical application control for Windows ☆683 · Aug 12, 2022 · Updated 3 years ago
- Mapping of binaries that allow arbitrary code execution ☆26 · May 10, 2018 · Updated 7 years ago
- DLL Password Filter Implant with Exfiltration Capabilities ☆138 · Feb 24, 2020 · Updated 5 years ago
- Monitors for DCSync and DCShadow attacks and creates custom Windows Events for them. ☆141 · Mar 7, 2018 · Updated 7 years ago
- (no description) ☆349 · Mar 19, 2021 · Updated 4 years ago
- A Wireshark plugin to instrument ETW ☆579 · Jan 28, 2022 · Updated 4 years ago
- ps-like .NET assembly for enumerating processes on the current machine or a remote machine. ☆13 · Aug 12, 2019 · Updated 6 years ago
- A modern approach to password rotation for the local administrator account on Windows 10 workstations utilizing Microsoft Endpoint Config… ☆11 · May 5, 2020 · Updated 5 years ago
- My solutions in Python for Corelan's Exploit Writing Tutorials ☆13 · Jun 2, 2016 · Updated 9 years ago
- Semgrep rules to identify GWT attack surface ☆12 · Apr 28, 2022 · Updated 3 years ago
- (no description) ☆115 · Jul 18, 2019 · Updated 6 years ago
- Automate AV evasion by calling AMSI ☆88 · May 31, 2023 · Updated 2 years ago
- Splunk Boss of the SOC v1 data set. ☆113 · Jun 13, 2018 · Updated 7 years ago
- Lists of sources and utilities used to hunt, detect and prevent evildoers. ☆168 · Dec 10, 2018 · Updated 7 years ago
- Python script that types a file into an RDP session, for when drag and drop and disk mounting are not possible ☆33 · May 3, 2024 · Updated last year
- A repository that maps API calls to Sysmon Event IDs. ☆121 · Nov 14, 2022 · Updated 3 years ago
- A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if … ☆97 · Jun 6, 2024 · Updated last year
- Evading WinDefender ATP credential-theft ☆256 · Dec 2, 2019 · Updated 6 years ago
- (no description) ☆13 · Feb 6, 2018 · Updated 8 years ago
- (no description) ☆15 · Feb 9, 2022 · Updated 4 years ago
- A tool for secrets management, encryption as a service, and privileged access management ☆13 · Jul 17, 2025 · Updated 7 months ago