A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies
☆64Dec 18, 2023Updated 2 years ago
Alternatives and similar repositories for WDACPolicies
Users that are interested in WDACPolicies are comparing it to the libraries listed below
- A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies☆242Mar 2, 2022Updated 4 years ago
- Documentation and tools to access Windows Defender Application Control (WDAC) technology.☆258Feb 5, 2026Updated last month
- Documentation and supporting script sample for Windows Exploit Guard☆169Sep 8, 2025Updated 6 months ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication☆129Nov 15, 2016Updated 9 years ago
- EventList☆377Mar 21, 2021Updated 4 years ago
- Appendix resources for Intrinsec's "Amélioration des capacités de détection" handbook.☆13Mar 26, 2018Updated 7 years ago
- Babel-Shellfish deobfuscates and scans PowerShell scripts in real time, right before each line executes.☆43Nov 10, 2018Updated 7 years ago
- ☆18Jul 24, 2019Updated 6 years ago
- PoSh BloodHound Dog Whisperer☆192May 23, 2023Updated 2 years ago
- PowerShell script to find 'vulnerable' security-related GPOs that should be hardened☆198Jun 1, 2018Updated 7 years ago
- Repository for my ATT&CK analysis research.☆70May 16, 2019Updated 6 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses☆115May 27, 2017Updated 8 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆329May 2, 2024Updated last year
- An intercepting proxy, based on Netty☆19Sep 14, 2017Updated 8 years ago
- Short Python script for parsing Defender VDM signature files.☆10Sep 22, 2024Updated last year
- A PowerShell module to assist in parsing and managing catalog files.☆22Jan 12, 2017Updated 9 years ago
- Experiments on the Windows Internals☆31Sep 22, 2019Updated 6 years ago
- Read Windows message table entries.☆11Feb 5, 2023Updated 3 years ago
- ☆16Jul 21, 2018Updated 7 years ago
- CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution☆31Jan 13, 2026Updated last month
- Execute Shellcode And Other Goodies From MMC☆14Jun 17, 2015Updated 10 years ago
- ☆21Dec 4, 2014Updated 11 years ago
- ☆13May 30, 2025Updated 9 months ago
- Robust and practical application control for Windows☆687Aug 12, 2022Updated 3 years ago
- Mapping of binaries that allow arbitrary code execution☆26May 10, 2018Updated 7 years ago
- Monitors for DCSYNC and DCSHADOW attacks and creates custom Windows Events for these events.☆141Mar 7, 2018Updated 8 years ago
- DLL Password Filter Implant with Exfiltration Capabilities☆138Feb 24, 2020Updated 6 years ago
- ☆349Mar 19, 2021Updated 4 years ago
- A wireshark plugin to instrument ETW☆579Jan 28, 2022Updated 4 years ago
- Event metadata collected across all manifest-based ETW providers on Windows 10 1903☆32Nov 25, 2019Updated 6 years ago
- ps-like .NET Assembly for enumerating processes on the current machine or a remote machine.☆13Aug 12, 2019Updated 6 years ago
- Semgrep rules to identify GWT attack surface☆12Apr 28, 2022Updated 3 years ago
- My solutions in Python for Corelan's Exploit Writing Tutorials☆13Jun 2, 2016Updated 9 years ago
- A modern approach to password rotation for the local administrator account on Windows 10 workstations utilizing Microsoft Endpoint Config…☆11May 5, 2020Updated 5 years ago
- ☆115Jul 18, 2019Updated 6 years ago
- Automate AV evasion by calling AMSI☆88May 31, 2023Updated 2 years ago
- Splunk Boss of the SOC v1 data set.☆113Jun 13, 2018Updated 7 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆168Dec 10, 2018Updated 7 years ago
- A repository that maps API calls to Sysmon Event IDs.☆121Nov 14, 2022Updated 3 years ago