Alternatives and similar repositories for defender-recon24

Users that are interested in defender-recon24 are comparing it to the libraries listed below

• t-tani / defender2yara
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆88Updated this week
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆123Updated 2 years ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆100Updated last year
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆116Updated 11 months ago
• ommadawn46 / HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2
  HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
  ☆53Updated 2 months ago
• scrt / avdebugger
  ☆96Updated 3 years ago
• Slowerzs / KeyJumper
  ☆48Updated 3 months ago
• 0x4d5a-ctf / 38c3_com_talk
  Slides for COM Hijacking AV/EDR Talk on 38c3
  ☆74Updated 5 months ago
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆79Updated 2 years ago
• alfarom256 / MCP-PoC
  Minifilter Callback Patching Proof-of-Concept
  ☆71Updated 2 years ago
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆70Updated 3 years ago
• RomanRybachek / CVE-2024-20698
  Analysis of the vulnerability
  ☆51Updated last year
• tyranid / windows-memory-access-traps
  A few examples of how to trap virtual memory access on Windows.
  ☆31Updated 6 months ago
• xforcered / Windows_MSKSSRV_LPE_CVE-2023-36802
  LPE exploit for CVE-2023-36802
  ☆22Updated last year
• FuzzySecurity / BulkBindex
  Winbindex bot to pull in binaries for specific releases
  ☆48Updated last year
• JanielDary / weetabix
  A C++ PoC implementation for enumerating Windows Fibers directly from memory
  ☆19Updated last year
• ucsb-seclab / popkorn-artifact
  ☆70Updated 2 years ago
• joe-desimone / patriot
  ☆142Updated 2 years ago
• RedTeamOperations / VEH-PoC
  ☆114Updated 2 years ago
• elastic / PPLGuard
  ☆70Updated 4 months ago
• V-i-x-x / win11-kernel-execution-syscall-hijack
  ☆25Updated last week
• Crypt0s / Ekko_CFG_Bypass
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆103Updated 2 years ago
• Slowerzs / CryptDecryptMemory
  ☆30Updated 6 months ago
• whokilleddb / ETWListicle
  List the ETW provider(s) in the registration table of a process.
  ☆59Updated last year
• listinvest / undonut
  Unpacker for donut shellcode
  ☆17Updated 5 years ago
• tandasat / CVE-2023-36427
  Report and exploit of CVE-2023-36427
  ☆90Updated last year
• synacktiv / keebcap
  Win32 keylogger that supports all (non-ime using) languages correctly
  ☆50Updated last year
• thiagopeixoto / winsos-poc
  A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.
  ☆112Updated last year
• lap1nou / CLR_Heap_encryption
  ☆99Updated last year
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Updated 3 years ago