Documentation and supporting script sample for Windows Exploit Guard
☆169 · Sep 8, 2025 · Updated 6 months ago
Alternatives and similar repositories for exploitguard
Users that are interested in exploitguard are comparing it to the libraries listed below
- Process reimaging proof of concept code ☆97 · Jun 21, 2019 · Updated 6 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆330 · May 2, 2024 · Updated last year
- Automate AV evasion by calling AMSI ☆88 · May 31, 2023 · Updated 2 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆64 · Dec 18, 2023 · Updated 2 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider ☆198 · Dec 6, 2022 · Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆241 · Nov 6, 2019 · Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects ☆316 · Feb 22, 2020 · Updated 6 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. ☆431 · May 22, 2020 · Updated 5 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume ☆109 · Apr 24, 2020 · Updated 5 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW) ☆56 · Jul 8, 2022 · Updated 3 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET. ☆90 · Oct 6, 2020 · Updated 5 years ago
- Run Processes as PPL with ELAM ☆177 · Mar 17, 2022 · Updated 4 years ago
- Command line tool to print mitigation flags for running processes in a memory dump ☆47 · Sep 18, 2020 · Updated 5 years ago
- This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f… ☆285 · May 14, 2020 · Updated 5 years ago
- VT-based PCI device monitor (SPI) ☆158 · Oct 29, 2020 · Updated 5 years ago
- Evading WinDefender ATP credential-theft ☆255 · Dec 2, 2019 · Updated 6 years ago
- Hijack Printconfig.dll to execute shellcode ☆101 · Jan 15, 2021 · Updated 5 years ago
- CScriptShell, a Powershell Host running within cscript.exe ☆163 · Apr 11, 2017 · Updated 8 years ago
- A POC for Windows Extension Host hooking ☆24 · Jul 13, 2019 · Updated 6 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). ☆219 · Mar 5, 2020 · Updated 6 years ago
- Various shellcodes ☆12 · Sep 1, 2020 · Updated 5 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support) ☆14 · Aug 11, 2023 · Updated 2 years ago
- Finding Truth in the Shadows ☆125 · Jan 26, 2023 · Updated 3 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension. ☆54 · Jul 13, 2023 · Updated 2 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL ☆71 · Jun 30, 2019 · Updated 6 years ago
- ☆115 · Jul 18, 2019 · Updated 6 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/ ☆58 · Jun 21, 2020 · Updated 5 years ago
- Silence EDRs by removing kernel callbacks ☆239 · Dec 7, 2020 · Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 5 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers. ☆332 · Mar 26, 2024 · Updated last year
- Sysmon-Like research tool for ETW ☆387 · Nov 15, 2022 · Updated 3 years ago
- Tool to create hidden registry keys. ☆490 · Oct 23, 2019 · Updated 6 years ago
- Tools for discovery and abuse of COM hijacks ☆334 · Oct 15, 2019 · Updated 6 years ago
- Virtual Machine Introspection, Tracing & Debugging ☆597 · Feb 22, 2022 · Updated 4 years ago
- A tool to facilitate ROP Chain Development for XML Character Sanitization ☆20 · May 9, 2019 · Updated 6 years ago
- ☆135 · Dec 15, 2019 · Updated 6 years ago
- A repository that maps API calls to Sysmon Event ID's. ☆121 · Nov 14, 2022 · Updated 3 years ago
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET ☆149 · Feb 15, 2020 · Updated 6 years ago
- Windows Kernel Programming ☆133 · May 11, 2020 · Updated 5 years ago