Documentation and supporting script sample for Windows Exploit Guard
(☆169, updated Sep 8, 2025)
Alternatives and similar repositories for exploitguard
Users interested in exploitguard are comparing it to the repositories listed below.
- Process reimaging proof-of-concept code (☆97, updated Jun 21, 2019)
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions (☆329, updated May 2, 2024)
- Automate AV evasion by calling AMSI (☆88, updated May 31, 2023)
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies (☆64, updated Dec 18, 2023)
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW provider (☆197, updated Dec 6, 2022)
- Run processes as PPL with ELAM (☆177, updated Mar 17, 2022)
- Research on Windows kernel Executive Callback Objects (☆315, updated Feb 22, 2020)
- An IDA plugin to deal with Event Tracing for Windows (ETW) (☆55, updated Jul 8, 2022)
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 build 18999 (☆240, updated Nov 6, 2019)
- This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows operating system f… (☆285, updated May 14, 2020)
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware (☆431, updated May 22, 2020)
- Command-line tool to print mitigation flags for running processes in a memory dump (☆47, updated Sep 18, 2020)
- A collection of tools, source code, and papers researching Windows' implementation of CET (☆88, updated Oct 6, 2020)
- A driver that hooks the C: volume using a symbolic link callback to track all file-system access to the volume (☆110, updated Apr 24, 2020)
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro… (☆150, updated May 29, 2020)
- Evading WinDefender ATP credential-theft (☆255, updated Dec 2, 2019)
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load() (☆218, updated Mar 5, 2020)
- VT-based PCI device monitor (SPI) (☆158, updated Oct 29, 2020)
- Hijack Printconfig.dll to execute shellcode (☆100, updated Jan 15, 2021)
- Tools for discovery and abuse of COM hijacks (☆333, updated Oct 15, 2019)
- Finding Truth in the Shadows (☆123, updated Jan 26, 2023)
- (no description given) (☆115, updated Jul 18, 2019)
- Slides from my talk at the 2019 edition of "Hack in Paris" (☆91, updated Jun 22, 2019)
- Visual Studio Code extension for Microsoft Sysinternals Sysmon configuration files (☆54, updated Jul 13, 2023)
- A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies (☆240, updated Mar 2, 2022)
- Tool to create hidden registry keys (☆491, updated Oct 23, 2019)
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET (☆149, updated Feb 15, 2020)
- Virtual Machine Introspection, Tracing & Debugging (☆595, updated Feb 22, 2022)
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions (☆753, updated Dec 15, 2025)
- Windows Kernel Programming (☆133, updated May 11, 2020)
- Some .ps1 scripts for pentesting (☆140, updated Jan 6, 2026)
- Various shellcodes (☆12, updated Sep 1, 2020)
- CScriptShell, a PowerShell host running within cscript.exe (☆162, updated Apr 11, 2017)
- A simple C++ driver base with KD data block (☆11, updated Jun 25, 2022)
- Dump PDB symbols, including support for the Bochs debugging format (with Wine support) (☆14, updated Aug 11, 2023)
- Local privilege escalation PoC exploit for CVE-2019-16098 (☆201, updated Sep 13, 2019)
- This is a PowerShell-based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported … (☆842, updated Jun 25, 2024)
- A PoC for Windows Extension Host hooking (☆24, updated Jul 13, 2019)
- Crystal Anti-Exploit Protection 2012 (☆37, updated May 31, 2020)