A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
☆248 · Mar 2, 2022 · Updated 4 years ago
Alternatives and similar repositories for WDACTools
Users that are interested in WDACTools are comparing it to the libraries listed below.
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆64 · Dec 18, 2023 · Updated 2 years ago
- Documentation and tools to access Windows Defender Application Control (WDAC) technology. ☆269 · May 14, 2026 · Updated last week
- Harden Windows with Windows Defender Application Control (WDAC) ☆48 · Jul 26, 2024 · Updated last year
- Windows RPC: HelloWorld implemented using MIDL+RPC ☆24 · Mar 21, 2018 · Updated 8 years ago
- Sysmon Tools for PowerShell ☆233 · Aug 17, 2018 · Updated 7 years ago
- Robust and practical application control for Windows ☆694 · Aug 12, 2022 · Updated 3 years ago
- Event metadata collected across all manifest-based ETW providers on Windows 10 1903 ☆32 · Nov 25, 2019 · Updated 6 years ago
- A centralized resource for previously documented WDAC bypass techniques ☆621 · Sep 8, 2025 · Updated 8 months ago
- ☆18 · Jul 24, 2019 · Updated 6 years ago
- A C++/Asm template for PIC/EXE/DLL malware ☆25 · Aug 12, 2025 · Updated 9 months ago
- Automate AV evasion by calling AMSI ☆88 · May 31, 2023 · Updated 2 years ago
- ☆123 · May 23, 2020 · Updated 6 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 6 years ago
- Documentation and supporting script sample for Windows Exploit Guard ☆168 · Sep 8, 2025 · Updated 8 months ago
- Credential Dumper ☆81 · Feb 19, 2020 · Updated 6 years ago
- BloodHound Data Scanner ☆45 · Jul 7, 2020 · Updated 5 years ago
- Reverse engineered source code of the autochk rootkit ☆211 · Nov 1, 2019 · Updated 6 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/ ☆183 · Nov 30, 2017 · Updated 8 years ago
- A Windows tool that converts LDIF files to BloodHound CE ☆32 · Dec 20, 2025 · Updated 5 months ago
- Extract Windows Defender database from vdm files and unpack it ☆485 · Apr 21, 2026 · Updated last month
- Code Integrity Violation Spotter ☆17 · Jun 11, 2024 · Updated last year
- AppLocker baseline configuration with the AaronLocker module. Used for testing with Windows 10, Intune etc. ☆20 · Nov 21, 2025 · Updated 6 months ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆332 · May 2, 2024 · Updated 2 years ago
- Authenticode Hash Calculator for PE32/PE32+ files ☆120 · Apr 5, 2026 · Updated last month
- Command line tool to print mitigation flags for running processes in a memory dump ☆48 · Sep 18, 2020 · Updated 5 years ago
- ☆13 · May 30, 2025 · Updated 11 months ago
- Demonstrate the new FileDispositionInfoEx behavior ☆15 · Nov 6, 2017 · Updated 8 years ago
- Set of tools to analyze Windows sandboxes for exposed attack surface. ☆2,287 · Nov 6, 2025 · Updated 6 months ago
- System Tray Tool for WDAC ☆39 · Mar 28, 2026 · Updated last month
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses ☆114 · May 27, 2017 · Updated 8 years ago
- Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi… ☆789 · Jan 22, 2020 · Updated 6 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆850 · Mar 11, 2021 · Updated 5 years ago
- win10 pgContext dynamic dump (btc version) ☆112 · Jan 15, 2020 · Updated 6 years ago
- A Bind Shell Using the Fax Service and a DLL Hijack ☆333 · May 3, 2020 · Updated 6 years ago
- A PowerShell module to assist in parsing and managing catalog files. ☆22 · Jan 12, 2017 · Updated 9 years ago
- A repository of some of my Windows 10 Device Guard Bypasses ☆139 · Aug 3, 2017 · Updated 8 years ago
- Enumerate Windows Defender threat families and dump their names according category ☆96 · Apr 16, 2026 · Updated last month
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET ☆149 · Feb 15, 2020 · Updated 6 years ago
- A BOF to interact with COM objects associated with the Windows software firewall. ☆114 · Oct 10, 2021 · Updated 4 years ago