t0-retooling / defender-recon24
☆51 · Updated 5 months ago
Alternatives and similar repositories for defender-recon24:
Users that are interested in defender-recon24 are comparing it to the libraries listed below
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules ☆47 · Updated this week
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process ☆73 · Updated last year
- ☆95 · Updated 3 years ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue ☆96 · Updated 11 months ago
- ☆112 · Updated 2 years ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions ☆112 · Updated last year
- Enable / Disable LSA Protection via BYOVD ☆66 · Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆122 · Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆114 · Updated 8 months ago
- I have documented all of the AMSI patches that I learned till now ☆71 · Updated this week
- XOR decrypting shellcode using the GPU with OpenCL. ☆95 · Updated last year
- Get-PDInvokeImports is a tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u… ☆54 · Updated 2 years ago
- Winbindex bot to pull in binaries for specific releases ☆47 · Updated last year
- Win32 keylogger that supports all (non-IME using) languages correctly ☆49 · Updated last year
- Windows AppLocker Driver (appid.sys) LPE ☆53 · Updated 8 months ago
- ☆98 · Updated last year
- A PoC on blocking Procmon from monitoring network events ☆101 · Updated 2 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name ☆31 · Updated 5 years ago
- ☆78 · Updated last year
- ☆34 · Updated last month
- Windows API hashes used in malware ☆41 · Updated 9 years ago
- Minifilter Callback Patching Proof-of-Concept ☆67 · Updated 2 years ago
- Select any exported function in a dll as the new dll's entry point. ☆75 · Updated 5 months ago
- ☆71 · Updated 7 months ago
- Files for http://blog.deniable.org/posts/windows-callbacks/ ☆73 · Updated 3 years ago
- A work in progress BOF/COFF loader in Rust ☆47 · Updated 2 years ago
- A short C code PoC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… ☆51 · Updated last year
- ☆29 · Updated 3 months ago
- LPE exploit for CVE-2023-36802 ☆22 · Updated last year
- Standalone Metasploit-like XOR encoder for shellcode ☆47 · Updated 10 months ago