tyranid / windows-security-internalsLinks
A repository for additional files related to the book Windows Security Internals with PowerShell from No Starch Press.
☆186Updated last year
Alternatives and similar repositories for windows-security-internals
Users that are interested in windows-security-internals are comparing it to the libraries listed below
Sorting:
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆314Updated last year
- ☆303Updated 7 months ago
- ☆300Updated 7 months ago
- ☆105Updated 11 months ago
- A PowerShell console in C/C++ with all the security features disabled☆254Updated last month
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆297Updated last year
- Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting☆358Updated 2 years ago
- A collection of tools, scripts and personal research☆133Updated 2 months ago
- I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning …☆277Updated last week
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY☆193Updated 2 months ago
- Python based WinDbg script to automate the search for code caves in binaries and libraries.☆49Updated 5 months ago
- ☆133Updated 3 months ago
- Tools for analyzing EDR agents☆230Updated last year
- ☆179Updated last year
- AV/EDR Lab environment setup references to help in Malware development☆388Updated 4 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆361Updated 5 months ago
- ☆380Updated 2 years ago
- ☆356Updated last year
- Open Source C&C Specification☆260Updated 3 months ago
- Proof of concept & details for CVE-2025-21298☆184Updated 5 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆348Updated 4 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆369Updated 6 months ago
- ☆189Updated last year
- ☆151Updated 4 months ago
- .net config loader☆331Updated last year
- This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at t…☆381Updated last month
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆417Updated 10 months ago
- ☆257Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆213Updated 2 years ago
- kernel callback removal (Bypassing EDR Detections)☆177Updated 3 months ago