PS-MOTW: PowerShell scripts to set / show / remove MOTW (Mark of the Web)
☆56Nov 16, 2023Updated 2 years ago
Alternatives and similar repositories for PS-MOTW
Users that are interested in PS-MOTW are comparing it to the libraries listed below
Sorting:
- A simple PoC of injection shellcode into a remote process and get the output using namepipe☆44Jan 10, 2024Updated 2 years ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆204Dec 27, 2023Updated 2 years ago
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM☆20Jul 19, 2025Updated 7 months ago
- XDNR is a X0R Cryptor along with DEC/N0T/R0R encoder plus random byte insertion encoder, that generates null free encrypted and encoded s…☆17Jul 12, 2022Updated 3 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆59Dec 15, 2023Updated 2 years ago
- A mechanism that trampoline hooks functions in x86/x64 systems.☆21Oct 9, 2024Updated last year
- ECC Public Key Cryptography☆37Oct 29, 2023Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Dec 16, 2023Updated 2 years ago
- Example code samples from our ScriptBlock Smuggling Blog post☆95Jun 18, 2024Updated last year
- in-process powershell runner for BRC4☆48Oct 31, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 3 months ago
- ErebusGate for Nim Bypass AV/EDR☆162Nov 7, 2022Updated 3 years ago
- Hide memory artifacts using ROP and hardware breakpoints.☆146Oct 20, 2023Updated 2 years ago
- Remote Shellcode Injector☆220Aug 27, 2023Updated 2 years ago
- Experience the power of a PHP webshell designed to overcome the limitations of blacklisted system/exec functions.☆26Jul 14, 2024Updated last year
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Distributed phishing framework designed to streamline offensive security phishing��☆41Feb 16, 2023Updated 3 years ago
- Notes some analysis related to VidarStealer sample☆16May 5, 2024Updated last year
- Only for educational purposes☆12Jun 17, 2023Updated 2 years ago
- ☆16Apr 21, 2023Updated 2 years ago
- ☆152Oct 2, 2023Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- ☆60Jan 9, 2023Updated 3 years ago
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆85Feb 26, 2023Updated 3 years ago
- Etwti-UnhookPOC just for test☆12Aug 23, 2022Updated 3 years ago
- Erebus is a payload generator written in Nim.☆16Jun 13, 2023Updated 2 years ago
- A dotnet executable to get an Entra token in an authenticated runtime☆16Oct 30, 2024Updated last year
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 3 years ago
- TL;DR: Mutate a binary to identify potential exploit candidates☆11Jan 12, 2026Updated last month
- A Bumblebee-inspired Crypter☆79Dec 5, 2022Updated 3 years ago
- Reproducing the SkeletonKey malware.☆11Apr 6, 2024Updated last year
- ☆35Dec 21, 2023Updated 2 years ago
- Auditing Hooks for https://github.com/jborean93/PSDetour☆13Apr 29, 2025Updated 10 months ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆35Oct 31, 2023Updated 2 years ago
- A Docker container used to easily compile Nim binaries generated by my tools (NimPackt and NimPlant)☆16Aug 31, 2023Updated 2 years ago
- easy dll proxying in go☆14Apr 24, 2022Updated 3 years ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆407Sep 12, 2023Updated 2 years ago
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆185Aug 2, 2023Updated 2 years ago
- VBA Macro obfuscator☆13Sep 20, 2020Updated 5 years ago