mattifestation / WDACTools
A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
☆210Updated 3 years ago
Alternatives and similar repositories for WDACTools:
Users that are interested in WDACTools are comparing it to the libraries listed below
- Documentation and tools to access Windows Defender Application Control (WDAC) technology.☆218Updated last week
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆286Updated 10 months ago
- Documentation and supporting script sample for Windows Exploit Guard☆155Updated 3 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆62Updated last year
- Module to provide PowerShell functions that abstract Win32 API functions☆242Updated 9 months ago
- A collection of free miscellaneous Windows tools☆131Updated 6 months ago
- Event Tracing For Windows (ETW) Resources☆363Updated 5 months ago
- A Powershell module that helps you identify AppLocker weaknesses☆165Updated 5 years ago
- ☆256Updated 3 months ago
- A set of troubleshooting, diagnostic, and information utilities for Windows☆54Updated 4 months ago
- RPC Monitor tool based on Event Tracing for Windows☆340Updated 6 months ago
- Tool to convert SDDL to readable text☆40Updated 6 years ago
- Sysmon-Like research tool for ETW☆351Updated 2 years ago
- PowerRunAsSystem is a PowerShell script, also available as an installable module through the PowerShell Gallery, designed to impersonate …☆258Updated 4 months ago
- Public content repo for ATA documentation in OPS☆75Updated last month
- Sysmon Tools for PowerShell☆229Updated 6 years ago
- Windows Diagnostics, Data Collection and Analysis tools☆165Updated 4 years ago
- ☆48Updated 8 months ago
- PowerShell Module for managing Microsoft Defender Advanced Threat Protection☆71Updated 2 years ago
- ☆495Updated 2 months ago
- Custom ADMX template focused on hardening Windows 10 & Windows 11 systems☆80Updated 2 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 5 years ago
- ☆111Updated 5 years ago
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆90Updated 3 years ago
- ☆59Updated last year
- Windows Registry Knowledge Base☆172Updated 5 months ago
- Powershell Event Tracing Toolbox☆74Updated 2 years ago
- Run Processes as PPL with ELAM☆154Updated 2 years ago
- ☆146Updated 9 months ago
- ☆234Updated 10 months ago