Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL privilege
☆70Jan 19, 2026Updated 2 months ago
Alternatives and similar repositories for ThreatIntelligenceConsumer
Users that are interested in ThreatIntelligenceConsumer are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆32Sep 24, 2025Updated 6 months ago
- Linux Process Injection via Seccomp Notifier☆84Dec 9, 2025Updated 3 months ago
- Seven different DLL injection techniques in one single project.☆12May 19, 2020Updated 5 years ago
- Finding Truth in the Shadows☆125Jan 26, 2023Updated 3 years ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 9 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A short scraper looking for a POC of CVE-2024-49112☆14Dec 16, 2024Updated last year
- DoublePulsar (Position-Independent) Shellcode (Windows 7 SP1 x64)☆28Mar 11, 2020Updated 6 years ago
- WinDbg-ext-MCP bridges your favorite LLM client (like Cursor, Claude, or VS Code) with WinDbg, enabling real-time, AI assisted kernel deb…☆85Sep 10, 2025Updated 6 months ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Sep 8, 2021Updated 4 years ago
- WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.☆13Oct 24, 2022Updated 3 years ago
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆158Mar 26, 2025Updated last year
- Dumping App Bound Protected Credentials & Cookies Without Privileges.☆167May 28, 2025Updated 9 months ago
- Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64☆66May 2, 2025Updated 10 months ago
- ☆27Mar 6, 2025Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Usermode exploit to bypass any AC using a 0day shatter attack.☆266Nov 26, 2025Updated 4 months ago
- BOF to run PE in Cobalt Strike Beacon without console creation☆188Nov 23, 2025Updated 4 months ago
- Specialized tool to dump Position Independent Code.☆22Aug 4, 2020Updated 5 years ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆267Oct 16, 2024Updated last year
- AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64☆379Mar 7, 2026Updated 2 weeks ago
- PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec…☆48Nov 9, 2025Updated 4 months ago
- ☆23Mar 6, 2023Updated 3 years ago
- ☆61Oct 24, 2025Updated 5 months ago
- Windows Defender Manager is a tool that helps stop Windows Defender. It works with the Antimalware Service Executable of all versions of …☆41Jan 18, 2025Updated last year
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆105Feb 25, 2025Updated last year
- A PoC implementation for dynamically masking call stacks with timers.☆308Feb 13, 2023Updated 3 years ago
- An Ansible collection that installs an ADFS deployment with optional configurations.☆44Dec 19, 2025Updated 3 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆66Jan 5, 2026Updated 2 months ago
- Open Source Implementation of Cobalt Strike's Malleable C2☆96Jan 27, 2026Updated last month
- Sleep Obfuscation☆45Oct 13, 2022Updated 3 years ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 11 months ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆203Aug 2, 2023Updated 2 years ago
- Call stack spoofing for Rust☆360Feb 7, 2025Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- PIC shellcode (C/C++) development toolkit designed for malware developers.☆125Dec 23, 2025Updated 3 months ago
- Ascii85 encoder/decoder written in C with no memory allocation, no whitespace tolerance.☆11Jun 24, 2020Updated 5 years ago
- IAT-Obfuscation to make static analysis of executable harder.☆44Sep 6, 2021Updated 4 years ago
- Shellcode loader that executes embedded Lua from Rust.☆127Dec 16, 2024Updated last year
- A Practical example of ELAM (Early Launch Anti-Malware)☆36Nov 12, 2021Updated 4 years ago
- List the ETW provider(s) in the registration table of a process.☆80Sep 20, 2023Updated 2 years ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows …☆264Sep 23, 2025Updated 6 months ago