olafhartong / PockETWatcher
A tiny program to consume events from ETW providers for research.
☆49 · Updated 5 months ago
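The listing above does not explain what "consuming from an ETW provider" involves. The following PowerShell walkthrough is an added example written for this page; it is not PockETWatcher's code and does not reproduce how that program works. It records a single provider into an .etl file with the built-in logman tool and decodes the result with Get-WinEvent, which is the quickest way to check what a provider emits before writing a dedicated consumer. Assumptions, not taken from the page: an elevated PowerShell session on Windows 10/11, the session name PockETW-Research, the Microsoft-Windows-Kernel-Process provider with keyword 0x10 (WINEVENT_KEYWORD_PROCESS), and that provider's event IDs 1 (ProcessStart) and 2 (ProcessStop) with ProcessID as the first payload field.

```powershell
# Added example, not PockETWatcher's code. Capture one ETW provider to an .etl
# file and decode it. Run from an elevated PowerShell prompt on Windows.
# Assumed names/values are marked below.

$SessionName = 'PockETW-Research'                   # arbitrary session name (assumption)
$Provider    = 'Microsoft-Windows-Kernel-Process'   # provider under study (assumption)
$Keywords    = '0x10'                               # WINEVENT_KEYWORD_PROCESS: process start/stop only
$Level       = '0x5'                                # TRACE_LEVEL_VERBOSE, so nothing is filtered by level
$EtlPrefix   = Join-Path $env:TEMP 'kernel-process'

# 1. Confirm the provider is registered and list the keyword masks it exposes,
#    so the keyword passed to logman is chosen deliberately rather than 0xff...ff.
Get-WinEvent -ListProvider $Provider |
    Select-Object -ExpandProperty Keywords |
    Format-Table Name, Value -AutoSize

# 2. Start the trace session. -ets makes logman act on the session directly
#    instead of creating a Data Collector Set.
logman start $SessionName -p $Provider $Keywords $Level -o "$EtlPrefix.etl" -ets | Out-Null

# 3. Generate a process start/stop pair to capture, then stop the session.
Start-Process -FilePath 'cmd.exe' -ArgumentList '/c exit' -Wait -WindowStyle Hidden
Start-Sleep -Seconds 2
logman stop $SessionName -ets | Out-Null

# logman may version the output name (e.g. kernel-process_000001.etl), so
# resolve whichever file was actually written.
$EtlFile = Get-ChildItem "$EtlPrefix*.etl" | Sort-Object LastWriteTime | Select-Object -Last 1

function Get-ProcessEventsFromEtl {
    # Decode ProcessStart (1) and ProcessStop (2) events from an .etl file.
    # Payload field order comes from the provider manifest; ProcessID being
    # first is an assumption that holds for this provider's two events.
    param([Parameter(Mandatory)][string]$Path)

    # -Oldest is required when reading an .etl file directly.
    Get-WinEvent -Path $Path -Oldest -ErrorAction Stop |
        Where-Object { $_.Id -in 1, 2 } |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Event   = if ($_.Id -eq 1) { 'ProcessStart' } else { 'ProcessStop' }
                Pid     = $_.Properties[0].Value
                Payload = ($_.Properties | ForEach-Object { $_.Value }) -join ' '
            }
        }
}

Get-ProcessEventsFromEtl -Path $EtlFile.FullName | Format-Table -AutoSize

# Cleanup: a forgotten -ets session keeps writing until reboot, so remove it
# if the stop above did not run, and delete the capture.
if (logman query $SessionName -ets 2>$null) { logman stop $SessionName -ets | Out-Null }
Remove-Item $EtlFile.FullName -ErrorAction SilentlyContinue
```

Swapping the provider and keyword variables is enough to point the same workflow at another provider; for example the Microsoft-Antimalware-Scan-Interface provider, whose event 1101 carries the buffer handed to AMSI, which is why several of the AMSI-related repositories in the list below are natural companions to an ETW consumer. Step 1 is the part worth keeping: a keyword mask that is too narrow silently drops the events you are looking for, and one that is too wide buries them.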
Alternatives and similar repositories for PockETWatcher
Users interested in PockETWatcher are comparing it to the repositories listed below.
- ☆45 · Updated last year
- Scan files for potential threats by leveraging AMSI (Antimalware Scan Interface) and Windows Defender, isolating malicious content. ☆19 · Updated 5 months ago
- quASAR: ASAR manipulation made easy. ☆38 · Updated 2 years ago
- An Ansible collection that installs an ADFS deployment with optional configurations. ☆39 · Updated 6 months ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ… ☆43 · Updated last month
- Shows which M365 objects have privileged access and of what type (i.e. PIM, direct, currently elevated). ☆25 · Updated last month
- ☆41 · Updated 11 months ago
- This repository catalogs network and host artifacts associated with the "shell" and response functionality of various EDR products. ☆80 · Updated 9 months ago
- Test AMSI provider implementation in C#. ☆41 · Updated 6 months ago
- ☆69 · Updated last year
- Source code and examples for PassiveAggression. ☆61 · Updated last year
- A simple PoC showing that an administrator can suspend an EDR's protected processes, rendering it useless. ☆38 · Updated 11 months ago
- Living Off the Foreign Land setup scripts. ☆70 · Updated 3 months ago
- Info related to the Outflank training "Microsoft Office Offensive Tradecraft". ☆52 · Updated last year
- msuserstats is a comprehensive PowerShell tool to manage accounts from Microsoft Entra ID and Active Directory. It supports: a unified vi… ☆41 · Updated 3 months ago
- Repo containing my public talks. ☆23 · Updated 2 years ago
- macOS dylib stager. ☆33 · Updated 5 months ago
- Microsoft Graph API post-exploitation toolkit. ☆94 · Updated 11 months ago
- SACL Scanner is a tool designed to scan and analyze SACLs (system access control lists). ☆38 · Updated 4 months ago
- ☆14 · Updated last year
- PowerShell PE parser. ☆63 · Updated 11 months ago
- Rust port of pspy with support for process monitoring over D-Bus. ☆28 · Updated last week
- HTML smuggling with WebAssembly. ☆61 · Updated last year
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis … ☆36 · Updated 4 months ago
- Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Serv… ☆25 · Updated last year
- ☆88 · Updated 2 years ago
- Small tool to play with IOCs caused by image-load events. ☆42 · Updated 2 years ago
- ☆39 · Updated 2 weeks ago
- Create a cool process tree like https://twitter.com/ACEResponder. ☆35 · Updated 2 years ago
- Lifetime AMSI bypass. ☆35 · Updated 2 months ago