mattifestation/WDACTools external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

mattifestation/WDACTools

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mattifestation/WDACTools)

Close

mattifestation / WDACToolsView on GitHubMore

• External links
• Readme badge

A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies

☆245Mar 2, 2022Updated 4 years ago

Alternatives and similar repositories for WDACTools

Users that are interested in WDACTools are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mattifestation / WDACPolicies

  View on GitHub
  A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies
  ☆64Dec 18, 2023Updated 2 years ago
• MicrosoftDocs / WDAC-Toolkit

  View on GitHub
  Documentation and tools to access Windows Defender Application Control (WDAC) technology.
  ☆265Mar 23, 2026Updated 3 weeks ago
• simeononsecurity / Windows-Defender-Application-Control-Hardening

  View on GitHub
  Harden Windows with Windows Defender Application Control (WDAC)
  ☆48Jul 26, 2024Updated last year
• muxq / hellorpc

  View on GitHub
  windows rpc 使用MIDL+RPC实现HelloWorld
  ☆23Mar 21, 2018Updated 8 years ago
• mattifestation / PSSysmonTools

  View on GitHub
  Sysmon Tools for PowerShell
  ☆233Aug 17, 2018Updated 7 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• microsoft / AaronLocker

  View on GitHub
  Robust and practical application control for Windows
  ☆688Aug 12, 2022Updated 3 years ago
• mattifestation / WindowsEventLogMetadata

  View on GitHub
  Event metadata collected across all manifest-based ETW providers on Window 10 1903
  ☆32Nov 25, 2019Updated 6 years ago
• bohops / UltimateWDACBypassList

  View on GitHub
  A centralized resource for previously documented WDAC bypass techniques
  ☆616Sep 8, 2025Updated 7 months ago
• arekfurt / WinAWL

  View on GitHub
  ☆18Jul 24, 2019Updated 6 years ago
• NioZow / Imperium

  View on GitHub
  A C++/Asm template for PIC/EXE/DLL malware
  ☆24Aug 12, 2025Updated 8 months ago
• two06 / AMSI_Handler

  View on GitHub
  Automate AV evasion by calling AMSI
  ☆88May 31, 2023Updated 2 years ago
• fIappy / infhook19041

  View on GitHub
  ☆125May 23, 2020Updated 5 years ago
• outflanknl / TamperETW

  View on GitHub
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆192Mar 26, 2020Updated 6 years ago
• palantir / exploitguard

  View on GitHub
  Documentation and supporting script sample for Windows Exploit Guard
  ☆169Sep 8, 2025Updated 7 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• djhohnstein / KittyLitter

  View on GitHub
  Credential Dumper
  ☆79Feb 19, 2020Updated 6 years ago
• SadProcessor / WatchDog

  View on GitHub
  BloodHound Data Scanner
  ☆45Jul 7, 2020Updated 5 years ago
• repnz / autochk-rootkit

  View on GitHub
  Reverse engineered source code of the autochk rootkit
  ☆211Nov 1, 2019Updated 6 years ago
• secrary / Hooking-via-InstrumentationCallback

  View on GitHub
  codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
  ☆183Nov 30, 2017Updated 8 years ago
• kypvas / LDIFToBloodHound

  View on GitHub
  A Windows tool that converts LDIF files to BloodHound CE
  ☆31Dec 20, 2025Updated 3 months ago
• gabriellandau / CISpotter

  View on GitHub
  Code Integrity Violation Spotter
  ☆17Jun 11, 2024Updated last year
• hfiref0x / WDExtract

  View on GitHub
  Extract Windows Defender database from vdm files and unpack it
  ☆479Updated this week
• aaronparker / AppLocker

  View on GitHub
  AppLocker baseline configuration with the AaronLocker module. Used for testing with Windows 10, Intune etc.
  ☆21Nov 21, 2025Updated 4 months ago
• jdu2600 / Windows10EtwEvents

  View on GitHub
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆332May 2, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• hfiref0x / AuthHashCalc

  View on GitHub
  Authenticode Hash Calculator for PE32/PE32+ files
  ☆121Apr 5, 2026Updated last week
• yardenshafir / MitigationFlagsCliTool

  View on GitHub
  Command like tool to print mitigation flags for running processes in a memory dump
  ☆48Sep 18, 2020Updated 5 years ago
• Harvester57 / Exploit-Protection-policy

  View on GitHub
  ☆13May 30, 2025Updated 10 months ago
• OSRDrivers / deleteex

  View on GitHub
  Demonstrate the new FileDispositionInfoEx behavior
  ☆15Nov 6, 2017Updated 8 years ago
• googleprojectzero / sandbox-attacksurface-analysis-tools

  View on GitHub
  Set of tools to analyze Windows sandboxes for exposed attack surface.
  ☆2,277Nov 6, 2025Updated 5 months ago
• WildByDesign / WDACTrayTool

  View on GitHub
  System Tray Tool for WDAC
  ☆39Mar 28, 2026Updated 2 weeks ago
• mattifestation / DeviceGuardBypassMitigationRules

  View on GitHub
  A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses
  ☆115May 27, 2017Updated 8 years ago
• HyperSine / Windows10-CustomKernelSigners

  View on GitHub
  Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi…
  ☆785Jan 22, 2020Updated 6 years ago
• jthuraisamy / TelemetrySourcerer

  View on GitHub
  Enumerate and disable common sources of telemetry used by AV/EDR.
  ☆848Mar 11, 2021Updated 5 years ago
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• nullenc0de / trust-validator

  View on GitHub
  Validates priv escalation of AD trusts
  ☆47Apr 1, 2025Updated last year
• zhuhuibeishadiao / PatchGuardResearch

  View on GitHub
  win10 pgContext dynamic dump (btc version)
  ☆112Jan 15, 2020Updated 6 years ago
• ionescu007 / faxhell

  View on GitHub
  A Bind Shell Using the Fax Service and a DLL Hijack
  ☆333May 3, 2020Updated 5 years ago
• mattifestation / CatalogTools

  View on GitHub
  A PowerShell module to assist in parsing and managing catalog files.
  ☆22Jan 12, 2017Updated 9 years ago
• tyranid / DeviceGuardBypasses

  View on GitHub
  A repository of some of my Windows 10 Device Guard Bypasses
  ☆139Aug 3, 2017Updated 8 years ago
• hfiref0x / MpEnum

  View on GitHub
  Enumerate Windows Defender threat families and dump their names according category
  ☆95May 27, 2019Updated 6 years ago
• FuzzySecurity / BlueHatIL-2020

  View on GitHub
  BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET
  ☆149Feb 15, 2020Updated 6 years ago