t0-retooling / defender-recon24Links
☆52Updated 10 months ago
Alternatives and similar repositories for defender-recon24
Users that are interested in defender-recon24 are comparing it to the libraries listed below
Sorting:
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆119Updated this week
- ☆146Updated 3 years ago
- Enabled / Disable LSA Protection via BYOVD☆74Updated 3 years ago
- ☆100Updated 3 years ago
- Inter-Process Communication Mechanisms☆28Updated 4 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆82Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆106Updated 2 weeks ago
- A C++ PoC implementation for enumerating Windows Fibers directly from memory☆20Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion☆59Updated 4 months ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆124Updated 2 years ago
- ☆70Updated 6 months ago
- ☆85Updated last year
- 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free☆63Updated 2 years ago
- Plantronics Desktop Hub LPE☆36Updated last year
- ETW based POC to identify direct and indirect syscalls☆187Updated 2 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆105Updated 2 years ago
- ☆114Updated 2 years ago
- LPE exploit for CVE-2023-36802☆22Updated last year
- Windows LPE exploit for CVE-2022-37969☆136Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆118Updated last year
- Win32 keylogger that supports all (non-ime using) languages correctly☆50Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆73Updated 9 months ago
- Analysis of the vulnerability☆51Updated last year
- CVE-2024-30090 - LPE PoC☆107Updated 10 months ago
- ☆32Updated last year
- A few examples of how to trap virtual memory access on Windows.☆33Updated 8 months ago
- Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.☆61Updated 2 years ago
- C# Utilities for Windows Notification Facility☆155Updated 4 months ago
- C# implementation to produce ROR-13 numeric hash for given function API name☆33Updated 6 years ago