Documentation and supporting script sample for Windows Exploit Guard
☆168 · Sep 8, 2025 · updated 7 months ago
Alternatives and similar repositories for exploitguard
Users that are interested in exploitguard are comparing it to the libraries listed below.
- Process reimaging proof of concept code (☆97 · Jun 21, 2019 · updated 6 years ago)
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions (☆333 · May 2, 2024 · updated last year)
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies (☆64 · Dec 18, 2023 · updated 2 years ago)
- Automate AV evasion by calling AMSI (☆88 · May 31, 2023 · updated 2 years ago)
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider (☆200 · Dec 6, 2022 · updated 3 years ago)
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 (☆242 · Nov 6, 2019 · updated 6 years ago)
- Research on Windows Kernel Executive Callback Objects (☆318 · Feb 22, 2020 · updated 6 years ago)
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. (☆430 · May 22, 2020 · updated 5 years ago)
- A driver that hooks the C: volume using a symbolic link callback to track all FS access to the volume (☆110 · Apr 24, 2020 · updated 6 years ago)
- An IDA plugin to deal with Event Tracing for Windows (ETW) (☆56 · Jul 8, 2022 · updated 3 years ago)
- A collection of tools, source code, and papers researching Windows' implementation of CET. (☆91 · Oct 6, 2020 · updated 5 years ago)
- Run Processes as PPL with ELAM (☆176 · Mar 17, 2022 · updated 4 years ago)
- Command line tool to print mitigation flags for running processes in a memory dump (☆48 · Sep 18, 2020 · updated 5 years ago)
- This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f… (☆285 · May 14, 2020 · updated 5 years ago)
- VT-based PCI device monitor (SPI) (☆158 · Oct 29, 2020 · updated 5 years ago)
- Evading WinDefender ATP credential-theft (☆255 · Dec 2, 2019 · updated 6 years ago)
- Hijack Printconfig.dll to execute shellcode (☆102 · Jan 15, 2021 · updated 5 years ago)
- CScriptShell, a Powershell Host running within cscript.exe (☆163 · Apr 11, 2017 · updated 9 years ago)
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). (☆219 · Mar 5, 2020 · updated 6 years ago)
- A POC for Windows Extension Host hooking (☆24 · Jul 13, 2019 · updated 6 years ago)
- Various shellcodes (☆12 · Sep 1, 2020 · updated 5 years ago)
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support) (☆14 · Aug 11, 2023 · updated 2 years ago)
- Finding Truth in the Shadows (☆127 · Jan 26, 2023 · updated 3 years ago)
- Visual Studio Code Microsoft Sysinternals Sysmon configuration file extension. (☆54 · Jul 13, 2023 · updated 2 years ago)
- Weaponizing Gigabyte driver for priv escalation and bypass PPL (☆71 · Jun 30, 2019 · updated 6 years ago)
- ☆115 · Jul 18, 2019 · updated 6 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/ (☆58 · Jun 21, 2020 · updated 5 years ago)
- Silence EDRs by removing kernel callbacks (☆239 · Dec 7, 2020 · updated 5 years ago)
- PoC to demonstrate how CLR ETW events can be tampered. (☆192 · Mar 26, 2020 · updated 6 years ago)
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers. (☆332 · Mar 26, 2024 · updated 2 years ago)
- Sysmon-like research tool for ETW (☆388 · Nov 15, 2022 · updated 3 years ago)
- A simple C++ driver base with KD data block (☆11 · Jun 25, 2022 · updated 3 years ago)
- Tool to create hidden registry keys. (☆488 · Oct 23, 2019 · updated 6 years ago)
- Tools for discovery and abuse of COM hijacks (☆337 · Oct 15, 2019 · updated 6 years ago)
- A tool to facilitate ROP Chain Development for XML Character Sanitization (☆20 · May 9, 2019 · updated 6 years ago)
- Virtual Machine Introspection, Tracing & Debugging (☆598 · Feb 22, 2022 · updated 4 years ago)
- ☆135 · Dec 15, 2019 · updated 6 years ago
- A repository that maps API calls to Sysmon Event IDs. (☆121 · Nov 14, 2022 · updated 3 years ago)
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET (☆149 · Feb 15, 2020 · updated 6 years ago)