olafhartong / PockETWatcher
A tiny program that consumes events from ETW providers, written for research use.
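The description above names the one technique this project exists for: consuming events from an ETW provider. As an added example (not code from the PockETWatcher repository), the script below shows the minimal version of that loop with inbox Windows tooling: start a trace session bound to one provider, generate some activity, stop the session and read the captured events back. The session name, the output path and the choice of the Microsoft-Windows-PowerShell provider are assumptions made here; the script needs an elevated Windows PowerShell 5.1 prompt because creating a trace session requires administrative rights.

```powershell
# Added example, not PockETWatcher's own code.
# Assumptions: Windows 10 / Server 2016 or later, elevated Windows PowerShell 5.1,
# and the inbox "Microsoft-Windows-PowerShell" ETW provider (which logs script
# blocks and command invocations from the PowerShell 5.1 engine).

$SessionName = 'PockETWatcherDemo'                    # hypothetical session name
$TraceFile   = Join-Path $env:TEMP 'pocketw-demo.etl' # hypothetical output path
$Provider    = 'Microsoft-Windows-PowerShell'         # resolvable by name, no GUID needed

function Start-ProviderTrace {
    param([string]$Name, [string]$ProviderName, [string]$Path)
    # -ets creates and starts the session in one step (no data collector set is
    # persisted). Keyword mask 0xFFFFFFFFFFFFFFFF and level 5 (verbose) ask the
    # provider for every event it can emit.
    & logman.exe create trace $Name -p $ProviderName 0xFFFFFFFFFFFFFFFF 5 -o $Path -ets | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "logman create failed with exit code $LASTEXITCODE (not elevated, or session already exists?)"
    }
}

function Stop-ProviderTrace {
    param([string]$Name)
    & logman.exe stop $Name -ets | Out-Null
}

function Read-TraceFile {
    param([string]$Path)
    # Get-WinEvent parses .etl files directly; -Oldest is mandatory for ETL input.
    # Only the first line of each rendered message is kept so the table stays readable.
    Get-WinEvent -Path $Path -Oldest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } }
}

Start-ProviderTrace -Name $SessionName -ProviderName $Provider -Path $TraceFile
try {
    # Generate events inside the trace window: the PowerShell engine logs the
    # compilation and execution of this script block to the provider.
    & { Write-Output 'hello from inside the trace window' } | Out-Null
    Start-Sleep -Seconds 2   # let buffered events flush before the session stops
}
finally {
    # Always stop the session; an orphaned -ets session keeps writing until reboot.
    Stop-ProviderTrace -Name $SessionName
}

$events = Read-TraceFile -Path $TraceFile
'{0} events captured from {1} into {2}' -f $events.Count, $Provider, $TraceFile
$events | Group-Object Id | Sort-Object Count -Descending | Select-Object Count, Name -First 10
```

A research consumer such as the project described here would normally read the session in real time through the Win32 trace API (OpenTrace/ProcessTrace with TDH to decode the payloads) rather than round-tripping through an .etl file; the file route above is the quickest way to confirm which providers and event IDs are worth subscribing to before writing that consumer. Use `logman query providers` to list the providers registered on the machine.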
☆48, updated 4 months ago
Alternatives and similar repositories for PockETWatcher
Users who are interested in PockETWatcher are comparing it to the repositories listed below.
- ☆45Updated last year
- Scan files for potential threats by leveraging AMSI (Antimalware Scan Interface) and Windows Defender, isolating malicious content. ☆17, updated 5 months ago
- ☆69Updated last year
- Test AMSI Provider implementation in C#☆41Updated 5 months ago
- An Ansible collection that installs an ADFS deployment with optional configurations.☆38Updated 5 months ago
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆79Updated 9 months ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…☆37Updated 2 weeks ago
- ☆50Updated 7 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆98Updated last year
- ☆41Updated 10 months ago
- ☆14Updated last year
- HTML Smuggling with Web Assembly☆61Updated last year
- Living Off the Foreign Land setup scripts☆70Updated 3 months ago
- Shows which M365 Objects have Privileged Access and what type (i.e. PIM, Direct, Currently Elevated)☆24Updated 2 weeks ago
- msuserstats is a comprehensive Powershell tool to manage accounts from Microsoft Entra ID and Active Directory. It supports: a unified vi…☆40Updated 2 months ago
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆52Updated last year
- SACL Scanner is a tool designed to scan and analyze SACLs.☆38Updated 3 months ago
- Yara Rules for Modern Malware☆77Updated last year
- ☆75Updated 9 months ago
- ☆88Updated 2 years ago
- Linux CS bypass technique☆33Updated 3 months ago
- A simple PoC showing that an administrator can suspend an EDR's protected processes, rendering the EDR useless. ☆38, updated 10 months ago
- macOS dylib stager. ☆33, updated 4 months ago
- Resource links for the research based on Josh Prager and Nico Shyne's ☆13, updated 7 months ago
- Microsoft Graph API post-exploitation toolkit. ☆94, updated 10 months ago
- Modified Thycotic Secret Stealer for use with DPAPI and offline decryption. ☆19, updated 2 years ago
- (no description) ☆61, updated last year
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2 ☆41, updated last year
- quASAR: ASAR manipulation made easy. ☆38, updated 2 years ago
- (no description) ☆75, updated 2 years ago