Alternatives and similar repositories for PS-MOTW

Users that are interested in PS-MOTW are comparing it to the libraries listed below

• olafhartong / PockETWatcher
  a tiny program to consume from ETW providers for research
  ☆48Updated 5 months ago
• mttaggart / quasar
  quASAR: ASAR manipulation made easy
  ☆38Updated 2 years ago
• andreisss / Living-off-the-COM-Type-Coercion-Abuse
  This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…
  ☆39Updated 3 weeks ago
• jborean93 / AmsiProvider
  Test AMSI Provider implementation in C#
  ☆41Updated 5 months ago
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 10 months ago
• jonny-jhnson / LDAPMon
  ☆45Updated last year
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• jdu2600 / Get-InjectedThreadEx
  Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
  ☆41Updated last year
• decoder-it / Troopers24
  ☆41Updated 10 months ago
• OffenseTeacher / Steganim
  ☆48Updated last year
• cod3nym / Ghosting-AMSI
  Ghosting-AMSI
  ☆17Updated last month
• klezVirus / koppeling-p
  Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
  ☆78Updated 10 months ago
• mr-r3bot / bof-modules
  BOF for C2 framework
  ☆41Updated 6 months ago
• Slowerzs / CryptDecryptMemory
  ☆30Updated 6 months ago
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆26Updated last year
• joe-desimone / rep-research
  ☆75Updated 10 months ago
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆16Updated 11 months ago
• Tylous / Ivy
  Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …
  ☆21Updated 2 years ago
• ADPunisher / OwnershipStealer
  ☆27Updated 2 years ago
• Cipher7 / havoc-PoolParty
  Windows Thread Pool Injection Havoc Implementation
  ☆30Updated last year
• t94j0 / sddl_py
  Parse SDDL strings
  ☆36Updated last year
• CaptainNox / Hypnos
  A more reliable way of resolving syscall numbers in Windows
  ☆49Updated last year
• zero2504 / FrostLock-Injection
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆25Updated 2 months ago
• D4rthMaulCop / DumpKernel-S1
  A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
  ☆20Updated 2 months ago
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆75Updated 2 years ago
• Fitretech-Security / dylight
  macOS dylib stager
  ☆33Updated 4 months ago
• huntandhackett / PassiveAggression
  Source code and examples for PassiveAggression
  ☆61Updated last year
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• kapellos / LNKSmuggler
  A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.
  ☆50Updated 4 months ago
• persistent-security / hermes-the-messenger
  A PoC for achieving persistence via push notifications on Windows
  ☆46Updated last year