Alternatives and similar repositories for windows-security-internals:

Users that are interested in windows-security-internals are comparing it to the libraries listed below

• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆310Updated last year
• deepinstinct / NoFilter
  ☆298Updated 5 months ago
• OtterHacker / Conferences
  ☆301Updated 5 months ago
• scrt / PowerChell
  A PowerShell console in C/C++ with all the security features disabled
  ☆228Updated last month
• 0xdea / blindsight
  Red teaming tool to dump LSASS memory, bypassing basic countermeasures.
  ☆225Updated 3 months ago
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆161Updated last month
• FuzzySecurity / BHUSA-2023
  ☆105Updated 9 months ago
• RedefiningReality / Cobalt-Strike
  Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
  ☆288Updated 11 months ago
• deepinstinct / DCOMUploadExec
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆357Updated 4 months ago
• Octoberfest7 / Secure_Stager
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆187Updated 4 months ago
• fortra / CVE-2023-28252
  ☆178Updated last year
• Maldev-Academy / RemoteTLSCallbackInjection
  Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
  ☆257Updated last year
• reveng007 / Learning-EDR-and-EDR_Evasion
  I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning …
  ☆270Updated last year
• nasbench / Misc-Research
  A collection of tools, scripts and personal research
  ☆127Updated 2 weeks ago
• CCob / Shwmae
  ☆148Updated 2 months ago
• CICADA8-Research / COMThanasia
  A set of programs for analyzing common vulnerabilities in COM
  ☆210Updated 7 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆183Updated 3 months ago
• ajm4n / DLLHound
  Find potential DLL Sideloads on your windows computer
  ☆201Updated 3 months ago
• Helixo32 / NimBlackout
  Kill AV/EDR leveraging BYOVD attack
  ☆352Updated last year
• floesen / EventLogCrasher
  ☆186Updated last year
• CCob / DRSAT
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆231Updated 3 months ago
• rtecCyberSec / Packer_Development
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆257Updated 10 months ago
• fin3ss3g0d / StoneKeeper
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆198Updated 3 months ago
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆212Updated 5 months ago
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆198Updated 10 months ago
• xalicex / Killers
  Exploitation of process killer drivers
  ☆199Updated last year
• Maldev-Academy / MaldevAcademyLdr.1
  ☆348Updated last year
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆340Updated 2 months ago
• Bw3ll / ShellWasp
  ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…
  ☆166Updated last year
• rasta-mouse / OST-C2-Spec
  Open Source C&C Specification
  ☆243Updated last month