tyranid / windows-security-internals

Related projects ⓘ

Alternatives and complementary repositories for windows-security-internals

• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆300Updated last year
• FuzzySecurity / BHUSA-2023
  ☆103Updated 4 months ago
• Bw3ll / ROP_ROCKET
  ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
  ☆111Updated 2 months ago
• fortra / CVE-2023-28252
  ☆172Updated last year
• binderlabs / DirCreate2System
  Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
  ☆358Updated last year
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆324Updated 5 months ago
• deepinstinct / NoFilter
  ☆293Updated 2 weeks ago
• gabriellandau / ItsNotASecurityBoundary
  ☆140Updated 3 months ago
• rtecCyberSec / Packer_Development
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆236Updated 4 months ago
• securifybv / Visual-Studio-BOF-template
  A Visual Studio template used to create Cobalt Strike BOFs
  ☆282Updated 2 years ago
• WKL-Sec / dcomhijack
  Lateral Movement Using DCOM and DLL Hijacking
  ☆279Updated last year
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆208Updated 5 months ago
• sensepost / mydumbedr
  ☆104Updated 9 months ago
• Wh04m1001 / CVE-2023-36874
  ☆234Updated last year
• gabriellandau / EDRSandblast-GodFault
  EDRSandblast-GodFault
  ☆240Updated last year
• Tylous / Freeze.rs
  Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
  ☆168Updated last month
• Octoberfest7 / Secure_Stager
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆136Updated 2 weeks ago
• Mr-Un1k0d3r / .NetConfigLoader
  .net config loader
  ☆307Updated last year
• Mr-Un1k0d3r / AMSI-ETW-Patch
  Patch AMSI and ETW
  ☆231Updated 6 months ago
• jstrosch / sclauncher
  A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …
  ☆124Updated 3 months ago
• Bw3ll / ShellWasp
  ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…
  ☆159Updated last year
• Wh04m1001 / SysmonEoP
  ☆181Updated last year
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆151Updated last week
• xforcered / BokuLoader
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆317Updated 3 months ago
• RedefiningReality / Cobalt-Strike
  Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
  ☆248Updated 5 months ago
• rasta-mouse / OST-C2-Spec
  Open Source C&C Specification
  ☆220Updated 3 weeks ago
• TakahiroHaruyama / VDR
  Vulnerable driver research tool, result and exploit PoCs
  ☆180Updated last year
• CICADA8-Research / COMThanasia
  A set of programs for analyzing common vulnerabilities in COM
  ☆152Updated 2 months ago
• xalicex / Killers
  Exploitation of process killer drivers
  ☆187Updated last year
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆193Updated last year
• florylsk / SignatureGate
  Weaponized HellsGate/SigFlip
  ☆192Updated last year