t0-retooling / defender-recon24Links
☆52Updated 7 months ago
Alternatives and similar repositories for defender-recon24
Users that are interested in defender-recon24 are comparing it to the libraries listed below
Sorting:
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆78Updated this week
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆98Updated last year
- Winbindex bot to pull in binaries for specific releases☆48Updated last year
- C# implementation to produce ROR-13 numeric hash for given function API name☆32Updated 6 years ago
- LPE exploit for CVE-2023-36802☆22Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆76Updated last month
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆79Updated 2 years ago
- Enabled / Disable LSA Protection via BYOVD☆68Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆123Updated 2 years ago
- ☆141Updated 2 years ago
- ☆96Updated 3 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 10 months ago
- ☆69Updated 2 years ago
- A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.☆112Updated last year
- A few examples of how to trap virtual memory access on Windows.☆30Updated 5 months ago
- A Poc on blocking Procmon from monitoring network events☆103Updated 2 years ago
- ☆24Updated last year
- ETW based POC to identify direct and indirect syscalls☆185Updated 2 years ago
- ☆115Updated 2 years ago
- ☆70Updated 4 months ago
- CVE-2024-30090 - LPE PoC☆107Updated 7 months ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆106Updated 3 months ago
- Standalone Metasploit-like XOR encoder for shellcode☆47Updated last year
- Inter-Process Communication Mechanisms☆28Updated 4 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆71Updated 6 months ago
- Minifilter Callback Patching Proof-of-Concept☆71Updated 2 years ago
- ☆36Updated 6 months ago
- Plantronics Desktop Hub LPE☆36Updated last year
- ☆30Updated 6 months ago
- IDA Pro plugin to aid with the analysis of native IIS modules☆18Updated 10 months ago