Documentation and supporting script sample for Windows Exploit Guard
☆168 · Sep 8, 2025 · Updated 9 months ago
Alternatives and similar repositories for exploitguard
Users that are interested in exploitguard are comparing it to the libraries listed below.
- Process reimaging proof of concept code ☆95 · Jun 21, 2019 · Updated 6 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆332 · May 2, 2024 · Updated 2 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆64 · Dec 18, 2023 · Updated 2 years ago
- Automate AV evasion by calling AMSI ☆88 · May 31, 2023 · Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider ☆204 · Dec 6, 2022 · Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆243 · Nov 6, 2019 · Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects ☆317 · Feb 22, 2020 · Updated 6 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. ☆431 · May 22, 2020 · Updated 6 years ago
- A driver that hooks the C: volume using a symbolic link callback to track all FS access to the volume ☆108 · Apr 24, 2020 · Updated 6 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW) ☆55 · Jul 8, 2022 · Updated 3 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET. ☆93 · Oct 6, 2020 · Updated 5 years ago
- Run Processes as PPL with ELAM ☆177 · Mar 17, 2022 · Updated 4 years ago
- Command line tool to print mitigation flags for running processes in a memory dump ☆48 · Sep 18, 2020 · Updated 5 years ago
- This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System f… ☆286 · May 14, 2020 · Updated 6 years ago
- VT-based PCI device monitor (SPI) ☆158 · Oct 29, 2020 · Updated 5 years ago
- Evading WinDefender ATP credential-theft ☆256 · Dec 2, 2019 · Updated 6 years ago
- Hijack Printconfig.dll to execute shellcode ☆101 · Jan 15, 2021 · Updated 5 years ago
- CScriptShell, a Powershell Host running within cscript.exe ☆163 · Apr 11, 2017 · Updated 9 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). ☆219 · Mar 5, 2020 · Updated 6 years ago
- A POC for Windows Extension Host hooking ☆24 · Jul 13, 2019 · Updated 6 years ago
- Various shellcodes ☆12 · Sep 1, 2020 · Updated 5 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support) ☆14 · Aug 11, 2023 · Updated 2 years ago
- Finding Truth in the Shadows ☆129 · Jan 26, 2023 · Updated 3 years ago
- Visual Studio Code Microsoft Sysinternals Sysmon configuration file extension. ☆54 · Jul 13, 2023 · Updated 2 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL ☆70 · Jun 30, 2019 · Updated 6 years ago
- ☆115 · Jul 18, 2019 · Updated 6 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/ ☆57 · Jun 21, 2020 · Updated 5 years ago
- Silence EDRs by removing kernel callbacks ☆240 · Dec 7, 2020 · Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆193 · Mar 26, 2020 · Updated 6 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers. ☆334 · Mar 26, 2024 · Updated 2 years ago
- Sysmon-Like research tool for ETW ☆392 · Nov 15, 2022 · Updated 3 years ago
- Tool to create hidden registry keys. ☆489 · Oct 23, 2019 · Updated 6 years ago
- Tools for discovery and abuse of COM hijacks ☆338 · Oct 15, 2019 · Updated 6 years ago
- A tool to facilitate ROP Chain Development for XML Character Sanitization ☆20 · May 9, 2019 · Updated 7 years ago
- Virtual Machine Introspection, Tracing & Debugging ☆598 · Feb 22, 2022 · Updated 4 years ago
- ☆134 · Dec 15, 2019 · Updated 6 years ago
- A repository that maps API calls to Sysmon Event IDs. ☆122 · Nov 14, 2022 · Updated 3 years ago
- BlueHatIL 2020 - Staying # and Bringing Covert Injection Tradecraft to .NET ☆150 · Feb 15, 2020 · Updated 6 years ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti… ☆320 · Mar 20, 2024 · Updated 2 years ago