A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
☆240 · Mar 2, 2022 · Updated 4 years ago
Alternatives and similar repositories for WDACTools
Users that are interested in WDACTools are comparing it to the libraries listed below
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆64 · Dec 18, 2023 · Updated 2 years ago
- Documentation and tools to access Windows Defender Application Control (WDAC) technology. ☆256 · Feb 5, 2026 · Updated 3 weeks ago
- Harden Windows with Windows Defender Application Control (WDAC) ☆48 · Jul 26, 2024 · Updated last year
- windows rpc: implementing HelloWorld using MIDL+RPC ☆23 · Mar 21, 2018 · Updated 7 years ago
- A centralized resource for previously documented WDAC bypass techniques ☆610 · Sep 8, 2025 · Updated 5 months ago
- Automate AV evasion by calling AMSI ☆88 · May 31, 2023 · Updated 2 years ago
- Reverse engineered source code of the autochk rootkit ☆210 · Nov 1, 2019 · Updated 6 years ago
- Sysmon Tools for PowerShell ☆233 · Aug 17, 2018 · Updated 7 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/ ☆183 · Nov 30, 2017 · Updated 8 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 5 years ago
- ☆125 · May 23, 2020 · Updated 5 years ago
- Extract Windows Defender database from vdm files and unpack it ☆476 · Feb 23, 2026 · Updated last week
- A C++/Asm template for PIC/EXE/DLL malware ☆24 · Aug 12, 2025 · Updated 6 months ago
- A Windows tool that converts LDIF files to BloodHound CE ☆26 · Dec 20, 2025 · Updated 2 months ago
- Documentation and supporting script sample for Windows Exploit Guard ☆169 · Sep 8, 2025 · Updated 5 months ago
- Credential Dumper ☆79 · Feb 19, 2020 · Updated 6 years ago
- win10 pgContext dynamic dump (btc version) ☆110 · Jan 15, 2020 · Updated 6 years ago
- A Bind Shell Using the Fax Service and a DLL Hijack ☆332 · May 3, 2020 · Updated 5 years ago
- Event metadata collected across all manifest-based ETW providers on Windows 10 1903 ☆32 · Nov 25, 2019 · Updated 6 years ago
- first commit ☆64 · Oct 29, 2020 · Updated 5 years ago
- A repository of some of my Windows 10 Device Guard Bypasses ☆139 · Aug 3, 2017 · Updated 8 years ago
- Simple tool to use LsaManageSidNameMapping get LSA to add or remove SID to name mappings. ☆26 · Oct 25, 2020 · Updated 5 years ago
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET ☆149 · Feb 15, 2020 · Updated 6 years ago
- BloodHound Data Scanner ☆45 · Jul 7, 2020 · Updated 5 years ago
- Robust and practical application control for Windows ☆687 · Aug 12, 2022 · Updated 3 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW) ☆55 · Jul 8, 2022 · Updated 3 years ago
- Code Integrity Violation Spotter ☆17 · Jun 11, 2024 · Updated last year
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆819 · Mar 11, 2021 · Updated 4 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL ☆146 · Feb 23, 2019 · Updated 7 years ago
- Enumerate Windows Defender threat families and dump their names according to category ☆93 · May 27, 2019 · Updated 6 years ago
- Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi… ☆781 · Jan 22, 2020 · Updated 6 years ago
- Ps-Tools, an advanced process monitoring toolkit for offensive operations ☆355 · Dec 1, 2020 · Updated 5 years ago
- PoC for proxying COM objects when hijacking ☆214 · Sep 10, 2019 · Updated 6 years ago
- View ETW Provider manifest ☆574 · Nov 1, 2024 · Updated last year
- Command line tool to print mitigation flags for running processes in a memory dump ☆47 · Sep 18, 2020 · Updated 5 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆329 · May 2, 2024 · Updated last year
- Set of tools to analyze Windows sandboxes for exposed attack surface. ☆2,267 · Nov 6, 2025 · Updated 3 months ago
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019. ☆94 · Feb 24, 2019 · Updated 7 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post ☆129 · May 25, 2021 · Updated 4 years ago