nccgroup / mimikatz-detector-condrv

The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent to or from the ConDrv. ConDrv is a device created by condrv.sys, which handles the traffic between the Console Application (cmd/powershell/etc) and the actual console (conhost.exe).

☆36

Alternatives and similar repositories for mimikatz-detector-condrv:

Users that are interested in mimikatz-detector-condrv are comparing it to the libraries listed below

jsecurity101 / MSFT_DriverBlockList
Repository of Microsoft Driver Block Lists based off of OS-builds
☆39Updated 9 months ago
trailofbits / WinDbg-JS
☆24Updated last year
elastic / PPLGuard
☆69Updated last year
jbaines-r7 / dellicious
Enabled / Disable LSA Protection via BYOVD
☆65Updated 3 years ago
benheise / TitanLdr
Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
☆44Updated 3 years ago
thefLink / Hunt-Weird-ImageLoads
Small tool to play with IOCs caused by Imageload events
☆42Updated last year
jsecurity101 / LDAPMon
☆45Updated last year
rbmm / LdrpKernel32DllName
☆84Updated 7 months ago
7eRoM / elam
A Practical example of ELAM (Early Launch Anti-Malware)
☆33Updated 3 years ago
0xMegaByte / COM-Explained
☆27Updated 2 years ago
matterpreter / cpuid
A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
☆24Updated last year
whokilleddb / ETWListicle
List the ETW provider(s) in the registration table of a process.
☆52Updated last year
Dump-GUY / Get-PDInvokeImports
Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
☆53Updated 2 years ago
jdu2600 / Etw-SyscallMonitor
Monitors ETW for security relevant syscalls maintaining the set called by each unique process
☆54Updated last year
SolomonSklash / COM-Hijacking
An example of COM hijacking using a proxy DLL.
☆25Updated 3 years ago
Slowerzs / CryptDecryptMemory
☆29Updated last month
GetRektBoy724 / SyscallShuffler
Your NTDLL vaccine from modern direct syscall methods.
☆35Updated 2 years ago
Flawww / NtSyscaller
Manually perform syscalls without going through any external API or DLL.
☆17Updated last year
LloydLabs / process-enumeration-stealth
☆79Updated 4 months ago
Idov31 / UdpInspector
Listing UDP connections with remote address without sniffing.
☆30Updated last year
pathtofile / SealighterTI
Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
☆168Updated 2 years ago
Allevon412 / PPL_Sandboxer
☆80Updated 2 years ago
mobdk / CloneProcess
Clone running process with ZwCreateProcess
☆58Updated 4 years ago
sensepost / offensive-rpc
Offensive RPC PoC
☆84Updated 3 years ago
nccgroup / DetectWindowsCopyOnWriteForAPI
Enumerate various traits from Windows processes as an aid to threat hunting
☆185Updated 3 years ago
ch3rn0byl / WinDbg-Extensions
☆18Updated 3 years ago