t0-retooling / defender-recon24View external linksLinks
☆59Oct 17, 2024Updated last year
Alternatives and similar repositories for defender-recon24
Users that are interested in defender-recon24 are comparing it to the libraries listed below
Sorting:
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆142Updated this week
- 关闭恶意驱动的文件和注册表保护☆14Jun 28, 2022Updated 3 years ago
- defender_database☆24Oct 31, 2023Updated 2 years ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆17Jun 29, 2024Updated last year
- Detect Beacon Powerful (Include CobatStrike 4.10 Aha~)☆21Oct 18, 2024Updated last year
- A parser for Microsoft PDB (Program Database) debugging information☆23Nov 5, 2024Updated last year
- ☆20Oct 14, 2024Updated last year
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- ☆24Jul 15, 2023Updated 2 years ago
- Simple tool to dump/hide services in services.exe process.☆14Apr 22, 2022Updated 3 years ago
- Example WDF/KMDF driver and test app demonstrating the "inverted call model"☆37May 1, 2020Updated 5 years ago
- Linux-KVM with rVMI extensions☆22Aug 28, 2017Updated 8 years ago
- about how to make a anti-virus engine☆106May 22, 2025Updated 8 months ago
- Windows kernel PDB data parsed into YAML☆42Nov 2, 2025Updated 3 months ago
- ☆23Jul 24, 2023Updated 2 years ago
- ☆231Jun 23, 2022Updated 3 years ago
- Modified version of Impacket to use dynamic NTLMv2 Challenge/Response☆20Dec 26, 2022Updated 3 years ago
- gamedll☆10May 11, 2017Updated 8 years ago
- Reliable UDP, Author Whg☆15Oct 8, 2019Updated 6 years ago
- Self-hosting binary instrumentation framework for security research☆12Apr 10, 2023Updated 2 years ago
- Demonstrate the new FileDispositionInfoEx behavior☆14Nov 6, 2017Updated 8 years ago
- A PoC C2 implementation that uses Native Messaging API to execute direct commands in the OS☆17Nov 5, 2025Updated 3 months ago
- doesnt work and wont work on it anymore☆10Jul 8, 2024Updated last year
- WinDbg Symbols Caching Proxy.☆17Feb 3, 2026Updated last week
- Exploit for HEVD☆10Sep 11, 2019Updated 6 years ago
- this application shows EAC sdk's memory leak.☆10Nov 30, 2021Updated 4 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆193Jul 10, 2023Updated 2 years ago
- QEMU with rVMI extensions☆25Jul 25, 2017Updated 8 years ago
- Lightweight PDB symbol parser and resolver☆27Oct 28, 2024Updated last year
- Malware analysis tool based on taint analysis.☆14Jan 29, 2022Updated 4 years ago
- ☆11Jul 12, 2022Updated 3 years ago
- ☆13Sep 22, 2022Updated 3 years ago
- Scripting together some of my favorite Python tools for doing initial triage of a suspected malicious document (e.g. PDF, DOC, DOCX, XSLM…☆17Mar 8, 2022Updated 3 years ago
- ☆10Mar 5, 2016Updated 9 years ago
- Some stuff for PHD2021☆14May 21, 2025Updated 8 months ago
- CPUID database derived from InstLatx64☆15Feb 1, 2020Updated 6 years ago
- Extract Windows Defender database from vdm files and unpack it☆473Aug 8, 2025Updated 6 months ago
- rpv-web is a browser based frontend for the rpv library☆26Nov 21, 2025Updated 2 months ago
- 以shellcode注入其它驱动执行,躲避驱动签名检测,曾pubg项目中使用,,,当然现在,,,☆27Oct 19, 2022Updated 3 years ago