Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL privilege
☆64 · Jan 19, 2026 · Updated last month
Alternatives and similar repositories for ThreatIntelligenceConsumer
Users that are interested in ThreatIntelligenceConsumer are comparing it to the libraries listed below
- A small experiment on assigning a process's threads to a specific CPU and then blocking it with a high-priority thread · ☆30 · Sep 24, 2025 · Updated 5 months ago
- Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64 · ☆66 · May 2, 2025 · Updated 10 months ago
- A short scraper looking for a POC of CVE-2024-49112 · ☆14 · Dec 16, 2024 · Updated last year
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options · ☆158 · Mar 26, 2025 · Updated 11 months ago
- BOF to run PE in Cobalt Strike Beacon without console creation · ☆186 · Nov 23, 2025 · Updated 3 months ago
- Callstack spoofing using a VEH because VEH all the things. · ☆23 · Mar 18, 2025 · Updated 11 months ago
- Finding Truth in the Shadows · ☆123 · Jan 26, 2023 · Updated 3 years ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven · ☆261 · Oct 16, 2024 · Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. · ☆104 · Feb 25, 2025 · Updated last year
- Linux Process Injection via Seccomp Notifier · ☆84 · Dec 9, 2025 · Updated 2 months ago
- Specialized tool to dump Position Independent Code. · ☆22 · Aug 4, 2020 · Updated 5 years ago
- PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec… · ☆43 · Nov 9, 2025 · Updated 3 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. · ☆78 · Mar 29, 2025 · Updated 11 months ago
- An Ansible collection that installs an ADFS deployment with optional configurations. · ☆44 · Dec 19, 2025 · Updated 2 months ago
- DoublePulsar (Position-Independent) Shellcode (Windows 7 SP1 x64) · ☆28 · Mar 11, 2020 · Updated 5 years ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow · ☆18 · Jun 26, 2025 · Updated 8 months ago
- WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user. · ☆13 · Oct 24, 2022 · Updated 3 years ago
- Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications · ☆22 · Mar 28, 2025 · Updated 11 months ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes. · ☆28 · Sep 8, 2021 · Updated 4 years ago
- A Crystal Palace shared library to resolve & perform syscalls · ☆57 · Oct 29, 2025 · Updated 4 months ago
- UDC2 implementation that provides an ICMP C2 channel · ☆115 · Nov 24, 2025 · Updated 3 months ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … · ☆264 · Sep 23, 2025 · Updated 5 months ago
- Windows rootkit designed to work with BYOVD exploits · ☆216 · Jan 18, 2025 · Updated last year
- Shellcode loader that executes embedded Lua from Rust. · ☆128 · Dec 16, 2024 · Updated last year
- User-Defined C2 BOF Template · ☆28 · Nov 24, 2025 · Updated 3 months ago
- Supporting PoCs and scripts for my talk "OverLAPS: Overriding LAPS Logic" · ☆22 · Oct 12, 2025 · Updated 4 months ago
- This is the Git repository for the Modern Red Teaming workshop given at SINCON2024. · ☆12 · May 23, 2024 · Updated last year
- A tool to extract cookies and passwords from major web browsers, passively, with no process injection. · ☆57 · Oct 31, 2025 · Updated 4 months ago
- Tool to extract username and password of current user from PanGPA in plaintext · ☆89 · Dec 23, 2024 · Updated last year
- Internal Monologue BOF · ☆79 · Dec 28, 2024 · Updated last year
- HoppEye is a simple payload picker for BashBunny based on linking payloads to LED color. · ☆31 · Mar 7, 2018 · Updated 7 years ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory. · ☆128 · Jan 28, 2026 · Updated last month
- BOF to terminate a process via PID as argument · ☆28 · Sep 7, 2025 · Updated 5 months ago
- ProxyWatch · ☆37 · Updated this week