Alternatives and similar repositories for PS-MOTW:

Users that are interested in PS-MOTW are comparing it to the libraries listed below

• olafhartong / PockETWatcher
  a tiny program to consume from ETW providers for research
  ☆47Updated 3 months ago
• jborean93 / AmsiProvider
  Test AMSI Provider implementation in C#
  ☆40Updated 4 months ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆98Updated last year
• CaptainNox / Hypnos
  A more reliable way of resolving syscall numbers in Windows
  ☆49Updated last year
• decoder-it / Troopers24
  ☆41Updated 9 months ago
• mttaggart / quasar
  quASAR: ASAR manipulation made easy
  ☆37Updated 2 years ago
• joe-desimone / rep-research
  ☆72Updated 8 months ago
• eversinc33 / Godmode
  Tool for playing with Windows Access Token manipulation.
  ☆54Updated 2 years ago
• jsecurity101 / LDAPMon
  ☆45Updated last year
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆16Updated 9 months ago
• jdu2600 / Get-InjectedThreadEx
  Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
  ☆40Updated last year
• Bl4ckM1rror / PEAs
  ☆59Updated last year
• ADPunisher / OwnershipStealer
  ☆27Updated last year
• fern89 / runpe-x64
  RunPE adapted for x64 and written in C, does not use RWX
  ☆25Updated 11 months ago
• t94j0 / sddl_py
  Parse SDDL strings
  ☆35Updated last year
• zero2504 / FrostLock-Injection
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆24Updated 2 weeks ago
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆61Updated last year
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆75Updated 2 years ago
• nothingspecialforu / EvtPsst
  EvtPsst
  ☆53Updated last year
• Cipher7 / havoc-PoolParty
  Windows Thread Pool Injection Havoc Implementation
  ☆29Updated last year
• D4rthMaulCop / DumpKernel-S1
  A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
  ☆20Updated 3 weeks ago
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 9 months ago
• mr-r3bot / bof-modules
  BOF for C2 framework
  ☆41Updated 5 months ago
• rtfmkiesel / loldrivers-client
  Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
  ☆82Updated last year
• grayhatkiller / SharpExShell
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆70Updated 11 months ago
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• EvilBytecode / Lifetime-AmsiBypass
  Lifetime AMSI bypass.
  ☆35Updated 9 months ago
• xelemental / Mal-LNK-Generator
  ☆34Updated 3 weeks ago
• Wh04m1001 / GamingServiceEoP5
  ☆28Updated 11 months ago
• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆46Updated last year