Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
☆197Dec 6, 2022Updated 3 years ago
Alternatives and similar repositories for SealighterTI
Users that are interested in SealighterTI are comparing it to the libraries listed below
Sorting:
- Sysmon-Like research tool for ETW☆386Nov 15, 2022Updated 3 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆301Apr 10, 2021Updated 4 years ago
- Run Processes as PPL with ELAM☆177Mar 17, 2022Updated 3 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- ☆261May 9, 2024Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆922Jul 20, 2024Updated last year
- ☆505Aug 14, 2022Updated 3 years ago
- ☆181Apr 24, 2025Updated 10 months ago
- ☆170Jan 7, 2022Updated 4 years ago
- A little tool to play with the Seclogon service☆326Jul 10, 2022Updated 3 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Lateral Movement Using DCOM and DLL Hijacking☆325Jun 18, 2023Updated 2 years ago
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆557Apr 8, 2025Updated 10 months ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258May 10, 2023Updated 2 years ago
- ☆125Jun 28, 2023Updated 2 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- ☆253Jun 7, 2025Updated 8 months ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆675Dec 23, 2022Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆301Oct 26, 2022Updated 3 years ago
- PoCs and tools for investigation of Windows process execution techniques☆953Feb 2, 2026Updated last month
- KaynLdr is a Reflective Loader written in C/ASM☆555Dec 3, 2023Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆822Aug 23, 2021Updated 4 years ago
- Sleep Obfuscation☆817Dec 3, 2023Updated 2 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆718Jul 19, 2023Updated 2 years ago
- ��☆152Oct 2, 2023Updated 2 years ago
- View ETW Provider manifest☆575Nov 1, 2024Updated last year
- For when DLLMain is the only way☆424Oct 29, 2024Updated last year
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆319Mar 20, 2024Updated last year