Alternatives and similar repositories for defender-recon24:

Users that are interested in defender-recon24 are comparing it to the libraries listed below

• t-tani / defender2yara
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆47Updated this week
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆73Updated last year
• scrt / avdebugger
  ☆95Updated 3 years ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆96Updated 11 months ago
• RedTeamOperations / VEH-PoC
  ☆112Updated 2 years ago
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆112Updated last year
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆66Updated 3 years ago
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆122Updated 2 years ago
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆114Updated 8 months ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆71Updated this week
• eversinc33 / GpuDecryptShellcode
  XOR decrypting shellcode using the GPU with OpenCL.
  ☆95Updated last year
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Updated 2 years ago
• FuzzySecurity / BulkBindex
  Winbindex bot to pull in binaries for specific releases
  ☆47Updated last year
• synacktiv / keebcap
  Win32 keylogger that supports all (non-ime using) languages correctly
  ☆49Updated last year
• Crowdfense / CVE-2024-21338
  Windows AppLocker Driver (appid.sys) LPE
  ☆53Updated 8 months ago
• lap1nou / CLR_Heap_encryption
  ☆98Updated last year
• NUL0x4C / EtwSessionHijacking
  A Poc on blocking Procmon from monitoring network events
  ☆101Updated 2 years ago
• ihack4falafel / ROR13HashGenerator
  C# implementation to produce ROR-13 numeric hash for given function API name
  ☆31Updated 5 years ago
• xalicex / LOLDrivers_finder
  ☆78Updated last year
• rad9800 / talks
  ☆34Updated last month
• hidd3ncod3s / WindowsAPIhash
  Windows API Hashes used in the malwares
  ☆41Updated 9 years ago
• alfarom256 / MCP-PoC
  Minifilter Callback Patching Proof-of-Concept
  ☆67Updated 2 years ago
• Kudaes / CustomEntryPoint
  Select any exported function in a dll as the new dll's entry point.
  ☆75Updated 5 months ago
• joe-desimone / rep-research
  ☆71Updated 7 months ago
• uf0o / windows-ps-callbacks-experiments
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆73Updated 3 years ago
• yamakadi / ldr
  A work in progress BOF/COFF loader in Rust
  ☆47Updated 2 years ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆51Updated last year
• Slowerzs / CryptDecryptMemory
  ☆29Updated 3 months ago
• xforcered / Windows_MSKSSRV_LPE_CVE-2023-36802
  LPE exploit for CVE-2023-36802
  ☆22Updated last year
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆47Updated 10 months ago