WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
☆170 · Mar 30, 2025 · Updated last year
Alternatives and similar repositories for wtfbins
Users that are interested in wtfbins are comparing it to the libraries listed below.
- Proof-of-Concept to evade auditd by tampering via ptrace ☆19 · Aug 3, 2023 · Updated 2 years ago
- ☆27 · Feb 6, 2022 · Updated 4 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR ☆21 · Feb 8, 2024 · Updated 2 years ago
- ☆36 · May 27, 2024 · Updated last year
- BOF for C2 framework ☆44 · Nov 9, 2024 · Updated last year
- ☆11 · Jun 26, 2024 · Updated last year
- ☆263 · May 9, 2024 · Updated 2 years ago
- Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. ☆668 · Jun 14, 2023 · Updated 2 years ago
- Repository of Microsoft Driver Block Lists based off of OS-builds ☆46 · Apr 14, 2024 · Updated 2 years ago
- Rules generated from our investigations. ☆208 · Jun 17, 2025 · Updated 10 months ago
- Notion as a platform for offensive operations ☆1,179 · May 21, 2023 · Updated 2 years ago
- A simple PE loader. ☆27 · Dec 9, 2022 · Updated 3 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps. ☆25 · May 20, 2023 · Updated 2 years ago
- ☆235 · Jun 10, 2025 · Updated 10 months ago
- Using Microsoft 365 App Passwords for persistence ☆23 · Sep 2, 2020 · Updated 5 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules ☆132 · Mar 15, 2024 · Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre) ☆267 · Jun 29, 2024 · Updated last year
- ☆21 · May 8, 2022 · Updated 4 years ago
- The cActiveDirectorySecurity module contains PowerShell Functions which are designed to report on and manipulate Access Control Lists on … ☆11 · Aug 31, 2018 · Updated 7 years ago
- Parser and reconciliation tooling for large Active Directory environments. ☆33 · Feb 18, 2025 · Updated last year
- ☆121 · Jan 30, 2024 · Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆318 · Aug 31, 2023 · Updated 2 years ago
- Purple Team Exercise Framework ☆783 · Apr 9, 2026 · Updated 3 weeks ago
- Cobaltstrike UDRL with memory evasion ☆15 · May 16, 2024 · Updated last year
- ☆384 · Aug 7, 2023 · Updated 2 years ago
- A collection of art inspired by the world of cybersecurity and hacking culture. ☆42 · May 14, 2025 · Updated 11 months ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB ☆24 · Jun 27, 2025 · Updated 10 months ago
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler. ☆56 · Jun 30, 2021 · Updated 4 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa… ☆650 · Nov 7, 2025 · Updated 6 months ago
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows… ☆2,111 · Dec 11, 2024 · Updated last year
- quASAR: ASAR manipulation made easy ☆38 · Sep 7, 2022 · Updated 3 years ago
- Living Off The Land Drivers ☆1,612 · Updated this week
- ☆91 · Jul 18, 2023 · Updated 2 years ago
- A tool for checking if MFA is enabled on multiple Microsoft Services ☆1,661 · Apr 13, 2026 · Updated 3 weeks ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual ☆14 · Jul 13, 2022 · Updated 3 years ago
- Indicators of Normality ☆11 · Jul 22, 2022 · Updated 3 years ago
- Documentation and scripts to properly enable Windows event logs. ☆694 · Oct 3, 2025 · Updated 7 months ago
- Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if y… ☆99 · Jul 7, 2023 · Updated 2 years ago
- Extension functionality for the NightHawk operator client ☆27 · Nov 3, 2023 · Updated 2 years ago