Alternatives and similar repositories for windows-security-internals:

Users that are interested in windows-security-internals are comparing it to the libraries listed below

• deepinstinct / ContainYourself
  A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
  ☆306Updated last year
• deepinstinct / NoFilter
  ☆296Updated 3 months ago
• OtterHacker / Conferences
  ☆297Updated 3 months ago
• deepinstinct / DCOMUploadExec
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆343Updated 2 months ago
• FuzzySecurity / BHUSA-2023
  ☆105Updated 7 months ago
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆297Updated last week
• binderlabs / DirCreate2System
  Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
  ☆357Updated 2 years ago
• deepinstinct / Lsass-Shtinkering
  ☆375Updated 2 years ago
• CCob / Shwmae
  ☆142Updated 3 weeks ago
• jsecurity101 / ETWInspector
  ☆154Updated 9 months ago
• Mr-Un1k0d3r / .NetConfigLoader
  .net config loader
  ☆310Updated last year
• ajm4n / DLLHound
  Find potential DLL Sideloads on your windows computer
  ☆175Updated last month
• nasbench / Misc-Research
  A collection of tools, scripts and personal research
  ☆125Updated 7 months ago
• floesen / EventLogCrasher
  ☆185Updated last year
• senzee1984 / EDRPrison
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆381Updated 6 months ago
• fortra / CVE-2023-28252
  ☆176Updated last year
• CICADA8-Research / COMThanasia
  A set of programs for analyzing common vulnerabilities in COM
  ☆191Updated 5 months ago
• RedefiningReality / Cobalt-Strike
  Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
  ☆274Updated 9 months ago
• S3cur3Th1sSh1t / Ruy-Lopez
  ☆297Updated last year
• sensepost / mydumbedr
  ☆112Updated last year
• securifybv / Visual-Studio-BOF-template
  A Visual Studio template used to create Cobalt Strike BOFs
  ☆289Updated 3 years ago
• outflanknl / edr-internals
  Tools for analyzing EDR agents
  ☆219Updated 8 months ago
• itm4n / PPLmedic
  Dump the memory of any PPL with a Userland exploit chain
  ☆332Updated last year
• Maldev-Academy / Christmas
  ☆248Updated last year
• Bw3ll / ShellWasp
  ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…
  ☆165Updated last year
• rad9800 / FileRenameJunctionsEDRDisable
  ☆142Updated 2 months ago
• fin3ss3g0d / StoneKeeper
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆188Updated last month
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆333Updated last week
• LloydLabs / shellcode-plain-sight
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆196Updated 2 years ago