nccgroup / mimikatz-detector-condrv
The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) sent to or from ConDrv. ConDrv is a device created by condrv.sys, which handles the traffic between the console application (cmd, PowerShell, etc.) and the actual console (conhost.exe).
☆41 · Sep 6, 2022 · Updated 3 years ago
Alternatives and similar repositories for mimikatz-detector-condrv
Users that are interested in mimikatz-detector-condrv are comparing it to the libraries listed below
- USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is exec… ☆21 · Sep 6, 2022 · Updated 3 years ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress ☆21 · Jul 9, 2022 · Updated 3 years ago
- Ludus role for deploying a Mythic Teamserver onto Linux servers ☆23 · Mar 16, 2025 · Updated 11 months ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · May 11, 2023 · Updated 2 years ago
- Dangling COM Keys Finder ☆17 · Nov 16, 2021 · Updated 4 years ago
- ☆36 · Oct 26, 2023 · Updated 2 years ago
- C code to enable ETW tracing for Dotnet Assemblies ☆32 · Aug 12, 2022 · Updated 3 years ago
- ☆18 · Mar 1, 2021 · Updated 4 years ago
- ☆26 · Aug 5, 2025 · Updated 6 months ago
- Mentally ill EtwTi parser ☆67 · Jan 11, 2026 · Updated last month
- A journal for $6,000 Riot Vanguard bounty. ☆67 · Sep 22, 2023 · Updated 2 years ago
- ☆83 · Aug 26, 2024 · Updated last year
- ☆37 · May 8, 2022 · Updated 3 years ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD ☆28 · Jan 4, 2024 · Updated 2 years ago
- ☆11 · Sep 30, 2023 · Updated 2 years ago
- Proofs-Of-360Security Sandbox Escape ☆10 · Mar 18, 2022 · Updated 3 years ago
- An example of how a driver can register a handle creation callback. ☆16 · Jun 12, 2023 · Updated 2 years ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-… ☆16 · Jun 4, 2025 · Updated 8 months ago
- Proof of Concept in Go from Secureworks' research on Azure Active Directory Brute-Force Attacks. Inspired by @treebuilder's POC on PowerS… ☆14 · Feb 23, 2022 · Updated 3 years ago
- HoneyDB Python Module ☆14 · Feb 6, 2024 · Updated 2 years ago
- Offline Active Directory Domain Services (AD DS) Join ☆12 · Jan 4, 2017 · Updated 9 years ago
- A command-line RPC method enumerator, born out of RPCView's awesomeness ☆108 · Jul 31, 2019 · Updated 6 years ago
- IOXIDResolver from AirBus Security/PingCastle ☆51 · Nov 25, 2020 · Updated 5 years ago
- ☆60 · Jan 9, 2023 · Updated 3 years ago
- Ghidra script which fully parses COFF files ☆12 · Oct 18, 2024 · Updated last year
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously. ☆55 · Mar 3, 2022 · Updated 3 years ago
- Decrypting and intercepting encrypted imports of Vanguards Kernel Driver ☆34 · Feb 13, 2024 · Updated 2 years ago
- Windows Kernel Programming Experiments ☆84 · Sep 18, 2022 · Updated 3 years ago
- Notification webhook for GoPhish ☆58 · Jun 10, 2024 · Updated last year
- single-threaded event driven sleep obfuscation poc for linux ☆37 · Jun 14, 2025 · Updated 8 months ago
- A simple BOF that disables some logging with NtSetInformationProcess ☆13 · Oct 13, 2023 · Updated 2 years ago
- Small driver that uses alternative syscalls feature (the project is still under development). ☆18 · May 9, 2024 · Updated last year
- A service container for interacting with SRA's VECTR ☆16 · Apr 9, 2025 · Updated 10 months ago
- POC For CVE-2022-24483 ☆14 · Apr 12, 2022 · Updated 3 years ago
- An automatic Bot that generates and checks Fortnite gift codes. ☆10 · Jan 9, 2021 · Updated 5 years ago
- Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows. ☆136 · Nov 10, 2021 · Updated 4 years ago
- NetSPI HTTP Scrapers ☆29 · Jul 9, 2019 · Updated 6 years ago
- A C implementation of the Sektor7 "A Thief" Windows privesc technique. ☆70 · Mar 25, 2022 · Updated 3 years ago
- My personal shellcode loader ☆32 · Mar 9, 2023 · Updated 2 years ago