A simple provider to analyse what gets passed into Microsoft's Anti-Malware Scan Interface
☆17 · Jan 10, 2020 · Updated 6 years ago
Alternatives and similar repositories for SimpleAmsiProvider
Users that are interested in SimpleAmsiProvider are comparing it to the libraries listed below
- Weaponizing CLRvoyance for Post-Ex .NET Execution (☆38, Jul 15, 2021, updated 4 years ago)
- WinHTTP example (☆17, Feb 6, 2016, updated 10 years ago)
- A tool to sync Mythic events with Ghostwriter oplog. (☆14, Nov 21, 2024, updated last year)
- Miscellaneous examples for use with Cobalt Strike Beacon (☆10, Nov 19, 2020, updated 5 years ago)
- Handle elevation using BEDaisy. (☆12, Aug 17, 2020, updated 5 years ago)
- Windows Kernel Driver DLL injector using APC (☆65, Aug 11, 2018, updated 7 years ago)
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc.) … (☆113, Apr 20, 2021, updated 4 years ago)
- Random code snippets (☆11, Oct 27, 2023, updated 2 years ago)
- Open-source EDR kernel component for system monitoring and DLL injection (☆33, Nov 14, 2020, updated 5 years ago)
- Draugnet is a lightweight, open-source tool for anonymous cyber threat reporting. Built for the MISP ecosystem, it lets users submit and … (☆20, Feb 26, 2026, updated 3 weeks ago)
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP (☆37, Jul 27, 2021, updated 4 years ago)
- In 'n Out - See what goes in and comes out of PEs (☆35, May 12, 2022, updated 3 years ago)
- Detour library (x64 and x86 compatible) (☆13, Dec 15, 2020, updated 5 years ago)
- (no description given) (☆13, Dec 27, 2023, updated 2 years ago)
- Unit testing framework for C/C++ (☆10, Mar 1, 2020, updated 6 years ago)
- Assorted Cereals (☆10, Nov 13, 2021, updated 4 years ago)
- VMDK Forensic Artifact Extractor (VFAE) is a Windows-based tool written in C++ that extracts files with a known location from VMDK images r… (☆17, Aug 7, 2015, updated 10 years ago)
- Easily serve HTTP and DNS keys for proper payload protection (☆59, Nov 10, 2018, updated 7 years ago)
- Remote Thread Detection with a Kernel Driver (☆34, Jan 14, 2025, updated last year)
- A JXA script for enumerating running processes, printed out as a JSON parent-child tree. (☆14, Jan 28, 2022, updated 4 years ago)
- (no description given) (☆50, May 12, 2021, updated 4 years ago)
- (no description given) (☆23, Oct 28, 2020, updated 5 years ago)
- Assorted, MIT-licensed threat hunting rules from @bradleyjkemp (☆14, Mar 11, 2022, updated 4 years ago)
- Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection… (☆21, Dec 1, 2021, updated 4 years ago)
- File system minifilter driver for Windows to block symbolic link attacks. (☆51, Dec 16, 2020, updated 5 years ago)
- Detects if a kernel-mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high-level and portable … (☆23, Sep 18, 2017, updated 8 years ago)
- (no description given) (☆15, May 26, 2021, updated 4 years ago)
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes (☆301, Apr 10, 2021, updated 4 years ago)
- (no description given) (☆41, Apr 5, 2025, updated 11 months ago)
- JXA script for Mythic that prints the TCC.db (☆15, Apr 18, 2021, updated 4 years ago)
- BOF implementations of CVE-2024-26229 for Cobalt Strike and BruteRatel (☆27, Jun 13, 2024, updated last year)
- Practical disk write protection based on KMDF (☆13, Jul 5, 2022, updated 3 years ago)
- Shellcode Of Death (☆43, Aug 31, 2013, updated 12 years ago)
- WORK IN PROGRESS. RAT written in C++ using the Win32 API (☆19, Sep 12, 2019, updated 6 years ago)
- [POC Detected] Bypass BE Anti DLL Injection (POC/Need Driver) (☆17, Mar 30, 2020, updated 5 years ago)
- Catalog Red Team techniques that cause popups in various macOS versions