WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
☆169 | Mar 30, 2025 | Updated 11 months ago
Alternatives and similar repositories for wtfbins
Users that are interested in wtfbins are comparing it to the libraries listed below
- Proof-of-Concept to evade auditd by tampering via ptrace ☆19 | Aug 3, 2023 | Updated 2 years ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual ☆14 | Jul 13, 2022 | Updated 3 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps. ☆25 | May 20, 2023 | Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre) ☆261 | Jun 29, 2024 | Updated last year
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR ☆21 | Feb 8, 2024 | Updated 2 years ago
- The cActiveDirectorySecurity module contains PowerShell Functions which are designed to report on and manipulate Access Control Lists on … ☆11 | Aug 31, 2018 | Updated 7 years ago
- Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. ☆668 | Jun 14, 2023 | Updated 2 years ago
- Canary Hunter aims to be a quick PowerShell script to check for Common Canaries in various formats generated for free on canarytokens.org ☆123 | Nov 9, 2022 | Updated 3 years ago
- Indicators of Normality ☆11 | Jul 22, 2022 | Updated 3 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules ☆130 | Mar 15, 2024 | Updated last year
- OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threat research tea… ☆20 | Sep 22, 2021 | Updated 4 years ago
- Rules generated from our investigations. ☆204 | Jun 17, 2025 | Updated 8 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆318 | Aug 31, 2023 | Updated 2 years ago
- Repository of Microsoft Driver Block Lists based off of OS-builds ☆43 | Apr 14, 2024 | Updated last year
- BOF for C2 framework ☆44 | Nov 9, 2024 | Updated last year
- Extension functionality for the NightHawk operator client ☆26 | Nov 3, 2023 | Updated 2 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa … ☆646 | Nov 7, 2025 | Updated 4 months ago
- Execute PowerShell code at the antimalware-light protection level. ☆142 | Dec 13, 2022 | Updated 3 years ago
- Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa… ☆1,056 | Oct 14, 2025 | Updated 4 months ago
- An easy way to convert BloodHound output files into data that can be imported into reporting software like Dradis and Plextrac. Built by … ☆18 | Oct 15, 2020 | Updated 5 years ago
- A simple PE loader. ☆27 | Dec 9, 2022 | Updated 3 years ago
- A tool for checking if MFA is enabled on multiple Microsoft Services ☆1,635 | Mar 4, 2025 | Updated last year
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption. ☆17 | Jan 6, 2024 | Updated 2 years ago
- PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpo… ☆51 | Aug 15, 2019 | Updated 6 years ago
- Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if y… ☆99 | Jul 7, 2023 | Updated 2 years ago
- A Rust-based dropper for shellcode payloads. ☆72 | Mar 21, 2025 | Updated 11 months ago
- Living Off The Land Drivers ☆1,418 | Feb 12, 2026 | Updated 3 weeks ago
- Citrix Phishlet ☆24 | Feb 2, 2021 | Updated 5 years ago
- Impersonate Tokens using only NTAPI functions ☆84 | Apr 4, 2025 | Updated 11 months ago
- TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts ☆1,371 | Oct 22, 2025 | Updated 4 months ago
- Execute Mimikatz with different technique ☆51 | Nov 8, 2021 | Updated 4 years ago