WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
☆169Mar 30, 2025Updated last year
Alternatives and similar repositories for wtfbins
Users that are interested in wtfbins are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- ☆27Feb 6, 2022Updated 4 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- ☆36May 27, 2024Updated last year
- BOF for C2 framework☆44Nov 9, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆11Jun 26, 2024Updated last year
- ☆261May 9, 2024Updated last year
- Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.☆664Jun 14, 2023Updated 2 years ago
- Repository of Microsoft Driver Block Lists based off of OS-builds☆45Apr 14, 2024Updated 2 years ago
- Rules generated from our investigations.☆207Jun 17, 2025Updated 10 months ago
- Notion as a platform for offensive operations☆1,173May 21, 2023Updated 2 years ago
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps.☆25May 20, 2023Updated 2 years ago
- ☆234Jun 10, 2025Updated 10 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Using Microsoft 365 App Passwords for persistence☆23Sep 2, 2020Updated 5 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆131Mar 15, 2024Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆264Jun 29, 2024Updated last year
- ☆21May 8, 2022Updated 3 years ago
- The cActiveDirectorySecurity module contains PowerShell Functions which are designed to report on and manipulate Access Control Lists on …☆11Aug 31, 2018Updated 7 years ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- ☆120Jan 30, 2024Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆318Aug 31, 2023Updated 2 years ago
- Purple Team Exercise Framework☆777Apr 9, 2026Updated last week
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Cobaltstrike UDRL with memory evasion☆15May 16, 2024Updated last year
- ☆384Aug 7, 2023Updated 2 years ago
- A collection of art inspired by the world of cybersecurity and hacking culture.☆42May 14, 2025Updated 11 months ago
- ☆13May 30, 2025Updated 10 months ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB☆24Jun 27, 2025Updated 9 months ago
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.☆56Jun 30, 2021Updated 4 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆649Nov 7, 2025Updated 5 months ago
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…☆2,083Dec 11, 2024Updated last year
- quASAR: ASAR manipulation made easy☆38Sep 7, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Living Off The Land Drivers☆1,555Updated this week
- ☆91Jul 18, 2023Updated 2 years ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- A tool for checking if MFA is enabled on multiple Microsoft Services☆1,652Updated this week
- Documentation and scripts to properly enable Windows event logs.☆688Oct 3, 2025Updated 6 months ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if y…☆99Jul 7, 2023Updated 2 years ago