pathtofile / SimpleAmsiProviderLinks
A simple provider to analyse what gets passed into Microsoft's Anti-Malware Scan Interface
☆16Updated 5 years ago
Alternatives and similar repositories for SimpleAmsiProvider
Users that are interested in SimpleAmsiProvider are comparing it to the libraries listed below
Sorting:
- ☆21Updated 4 years ago
- ☆31Updated 5 years ago
- ☆36Updated 3 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique☆52Updated 6 years ago
- A tool to create COM class/interface relationships in neo4j☆50Updated 2 years ago
- ☆24Updated 3 years ago
- Sysmon shenanigans☆66Updated 4 years ago
- The repository accompanying the Buer Emulation workshop☆24Updated 3 years ago
- ☆16Updated 4 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆34Updated 3 years ago
- ☆18Updated 6 years ago
- Windows GPU rootkit PoC by Team Jellyfish☆36Updated 10 years ago
- ☆15Updated 4 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆77Updated 5 years ago
- Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj…☆42Updated 6 years ago
- A small library helping to parse commandline parameters (for C/C++)☆57Updated 2 months ago
- A small commented POC for removing API hooks placed by AV/EDR.☆34Updated 5 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 3 years ago
- ☆48Updated 4 years ago
- A PE morphing tool that allows you to mimic one executable file to another.☆11Updated last year
- ☆63Updated 2 years ago
- ☆36Updated 6 years ago
- Specialized tool to dump Position Independent Code.☆22Updated 4 years ago
- PoC code from blog☆16Updated 5 years ago
- A simple COM server which provides a component to run shellcode☆136Updated 5 years ago
- Simple tool to use LsaManageSidNameMapping get LSA to add or remove SID to name mappings.☆23Updated 4 years ago
- ☆11Updated 5 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 4 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆31Updated 2 years ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)☆15Updated 4 years ago