WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
☆169Mar 30, 2025Updated 11 months ago
Alternatives and similar repositories for wtfbins
Users that are interested in wtfbins are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- ☆27Feb 6, 2022Updated 4 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- ☆36May 27, 2024Updated last year
- BOF for C2 framework☆44Nov 9, 2024Updated last year
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- ☆11Jun 26, 2024Updated last year
- ☆262May 9, 2024Updated last year
- Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.☆667Jun 14, 2023Updated 2 years ago
- Repository of Microsoft Driver Block Lists based off of OS-builds☆46Apr 14, 2024Updated last year
- Rules generated from our investigations.☆204Jun 17, 2025Updated 9 months ago
- Notion as a platform for offensive operations☆1,179May 21, 2023Updated 2 years ago
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps.☆25May 20, 2023Updated 2 years ago
- ☆234Jun 10, 2025Updated 9 months ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Using Microsoft 365 App Passwords for persistence☆23Sep 2, 2020Updated 5 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆131Mar 15, 2024Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆263Jun 29, 2024Updated last year
- ☆21May 8, 2022Updated 3 years ago
- The cActiveDirectorySecurity module contains PowerShell Functions which are designed to report on and manipulate Access Control Lists on …☆11Aug 31, 2018Updated 7 years ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- ☆119Jan 30, 2024Updated 2 years ago
- Purple Team Exercise Framework☆773Jan 4, 2024Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆317Aug 31, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Cobaltstrike UDRL with memory evasion☆15May 16, 2024Updated last year
- ☆381Aug 7, 2023Updated 2 years ago
- A collection of art inspired by the world of cybersecurity and hacking culture.☆42May 14, 2025Updated 10 months ago
- ☆13May 30, 2025Updated 9 months ago
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.☆56Jun 30, 2021Updated 4 years ago
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…☆2,078Dec 11, 2024Updated last year
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆648Nov 7, 2025Updated 4 months ago
- Living Off The Land Drivers☆1,428Mar 13, 2026Updated 2 weeks ago
- quASAR: ASAR manipulation made easy☆38Sep 7, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Documentation and scripts to properly enable Windows event logs.☆673Oct 3, 2025Updated 5 months ago
- ☆91Jul 18, 2023Updated 2 years ago
- A tool for checking if MFA is enabled on multiple Microsoft Services☆1,640Mar 4, 2025Updated last year
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if y…☆99Jul 7, 2023Updated 2 years ago
- Extension functionality for the NightHawk operator client☆26Nov 3, 2023Updated 2 years ago