A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
☆243 · Mar 2, 2022 · Updated 4 years ago
Alternatives and similar repositories for WDACTools
Users that are interested in WDACTools are comparing it to the libraries listed below.
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆64 · Dec 18, 2023 · Updated 2 years ago
- Documentation and tools to access Windows Defender Application Control (WDAC) technology. ☆260 · Feb 5, 2026 · Updated last month
- Harden Windows with Windows Defender Application Control (WDAC) ☆48 · Jul 26, 2024 · Updated last year
- Windows RPC: implementing HelloWorld using MIDL+RPC ☆23 · Mar 21, 2018 · Updated 8 years ago
- Sysmon Tools for PowerShell ☆233 · Aug 17, 2018 · Updated 7 years ago
- ☆23 · May 22, 2023 · Updated 2 years ago
- Robust and practical application control for Windows ☆689 · Aug 12, 2022 · Updated 3 years ago
- Event metadata collected across all manifest-based ETW providers on Windows 10 1903 ☆32 · Nov 25, 2019 · Updated 6 years ago
- A centralized resource for previously documented WDAC bypass techniques ☆614 · Sep 8, 2025 · Updated 6 months ago
- ☆18 · Jul 24, 2019 · Updated 6 years ago
- A C++/Asm template for PIC/EXE/DLL malware ☆24 · Aug 12, 2025 · Updated 7 months ago
- Automate AV evasion by calling AMSI ☆88 · May 31, 2023 · Updated 2 years ago
- ☆125 · May 23, 2020 · Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 5 years ago
- Documentation and supporting script sample for Windows Exploit Guard ☆169 · Sep 8, 2025 · Updated 6 months ago
- Credential Dumper ☆79 · Feb 19, 2020 · Updated 6 years ago
- BloodHound Data Scanner ☆45 · Jul 7, 2020 · Updated 5 years ago
- Reverse engineered source code of the autochk rootkit ☆210 · Nov 1, 2019 · Updated 6 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/ ☆182 · Nov 30, 2017 · Updated 8 years ago
- A Windows tool that converts LDIF files to BloodHound CE ☆31 · Dec 20, 2025 · Updated 3 months ago
- Extract Windows Defender database from vdm files and unpack it ☆476 · Feb 23, 2026 · Updated last month
- Code Integrity Violation Spotter ☆17 · Jun 11, 2024 · Updated last year
- AppLocker baseline configuration with the AaronLocker module. Used for testing with Windows 10, Intune etc. ☆21 · Nov 21, 2025 · Updated 4 months ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆330 · May 2, 2024 · Updated last year
- Authenticode Hash Calculator for PE32/PE32+ files ☆122 · Mar 8, 2026 · Updated 2 weeks ago
- Command line tool to print mitigation flags for running processes in a memory dump ☆47 · Sep 18, 2020 · Updated 5 years ago
- System Tray Tool for WDAC ☆37 · Jun 25, 2025 · Updated 8 months ago
- ☆13 · May 30, 2025 · Updated 9 months ago
- Demonstrate the new FileDispositionInfoEx behavior ☆15 · Nov 6, 2017 · Updated 8 years ago
- Set of tools to analyze Windows sandboxes for exposed attack surface. ☆2,276 · Nov 6, 2025 · Updated 4 months ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses ☆115 · May 27, 2017 · Updated 8 years ago
- Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi… ☆783 · Jan 22, 2020 · Updated 6 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆843 · Mar 11, 2021 · Updated 5 years ago
- Validates priv escalation of AD trusts ☆47 · Apr 1, 2025 · Updated 11 months ago
- win10 pgContext dynamic dump (btc version) ☆110 · Jan 15, 2020 · Updated 6 years ago
- A Bind Shell Using the Fax Service and a DLL Hijack ☆332 · May 3, 2020 · Updated 5 years ago
- A PowerShell module to assist in parsing and managing catalog files. ☆22 · Jan 12, 2017 · Updated 9 years ago
- A repository of some of my Windows 10 Device Guard Bypasses ☆139 · Aug 3, 2017 · Updated 8 years ago
- Enumerate Windows Defender threat families and dump their names according category ☆94 · May 27, 2019 · Updated 6 years ago