t-tani / defender2yaraLinks
Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
☆119Updated this week
Alternatives and similar repositories for defender2yara
Users that are interested in defender2yara are comparing it to the libraries listed below
Sorting:
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆82Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆118Updated last year
- ☆173Updated 4 months ago
- ETW based POC to identify direct and indirect syscalls☆188Updated 2 years ago
- ☆52Updated 10 months ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆185Updated 2 years ago
- "Service-less" driver loading☆159Updated 9 months ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2☆45Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- ☆76Updated last year
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.☆117Updated this week
- MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.☆119Updated 8 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆79Updated 2 months ago
- ☆147Updated 3 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆73Updated 9 months ago
- Deleting Shadow Copies In Pure C++☆114Updated 2 years ago
- shell code example☆62Updated 3 months ago
- Mentally ill EtwTi parser☆65Updated last month
- ☆114Updated 2 years ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆122Updated 2 years ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆51Updated last year
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆107Updated 6 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆114Updated 11 months ago
- ☆79Updated last year
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆131Updated last year
- ☆108Updated 10 months ago
- List the ETW provider(s) in the registration table of a process.☆62Updated last year
- Uses ghidra to find all ETW write metadata for each API in a PE file☆21Updated last year
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆108Updated 2 years ago
- ☆31Updated 8 months ago