nmantani / PS-MOTW
PS-MOTW: PowerShell scripts to set / show / remove MOTW (Mark of the Web)
☆36Updated last year
Alternatives and similar repositories for PS-MOTW:
Users that are interested in PS-MOTW are comparing it to the libraries listed below
- a tiny program to consume from ETW providers for research☆47Updated 3 months ago
- Test AMSI Provider implementation in C#☆40Updated 4 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆98Updated last year
- A more reliable way of resolving syscall numbers in Windows☆49Updated last year
- ☆41Updated 9 months ago
- quASAR: ASAR manipulation made easy☆37Updated 2 years ago
- ☆72Updated 8 months ago
- Tool for playing with Windows Access Token manipulation.☆54Updated 2 years ago
- ☆45Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆16Updated 9 months ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2☆40Updated last year
- ☆59Updated last year
- ☆27Updated last year
- RunPE adapted for x64 and written in C, does not use RWX☆25Updated 11 months ago
- Parse SDDL strings☆35Updated last year
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆24Updated 2 weeks ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆61Updated last year
- Just another ntdll unhooking using Parun's Fart technique☆75Updated 2 years ago
- EvtPsst☆53Updated last year
- Windows Thread Pool Injection Havoc Implementation☆29Updated last year
- A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80☆20Updated 3 weeks ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆38Updated 9 months ago
- BOF for C2 framework☆41Updated 5 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆82Updated last year
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆70Updated 11 months ago
- Extension functionality for the NightHawk operator client☆27Updated last year
- Lifetime AMSI bypass.☆35Updated 9 months ago
- ☆34Updated 3 weeks ago
- ☆28Updated 11 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated last year