Userland API monitor for threat hunting
☆58 · Mar 4, 2020 · Updated 5 years ago
Alternatives and similar repositories for Captain
Users that are interested in Captain are comparing it to the libraries listed below
- This script runs a multithreading module that connects to a remote TCP server, monitors active (opened) Microsoft Word documents (.doc,.doc… ☆33 · Jul 24, 2020 · Updated 5 years ago
- Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting. Can al… ☆14 · Aug 15, 2022 · Updated 3 years ago
- Live hunting of code injection techniques ☆385 · Aug 22, 2019 · Updated 6 years ago
- Kerberoast Detection Script ☆30 · Oct 31, 2024 · Updated last year
- A PowerShell script to prevent Sysmon from writing its events ☆16 · Apr 23, 2020 · Updated 5 years ago
- Shellcode runner in Rust ☆34 · Oct 30, 2020 · Updated 5 years ago
- A Canary which fires when uninstalled ☆34 · Mar 16, 2021 · Updated 4 years ago
- Visual Studio (C++) Solution Template for Payloads ☆18 · Oct 30, 2019 · Updated 6 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly ☆59 · Apr 1, 2022 · Updated 3 years ago
- (kinda) Malicious Outlook Reader ☆138 · Mar 3, 2021 · Updated 5 years ago
- OSSEM Modular ☆27 · Jun 29, 2020 · Updated 5 years ago
- QuickSQL is a simple MSSQL query tool that allows you to connect to MSSQL databases and does not require administrative level rights to u… ☆103 · Apr 17, 2020 · Updated 5 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory. ☆17 · Sep 29, 2018 · Updated 7 years ago
- ☆57 · May 13, 2020 · Updated 5 years ago
- Go Lang Portable Executable Parser ☆39 · Mar 31, 2021 · Updated 4 years ago
- Windows (ShadowMove) Socket Duplication ☆87 · Apr 19, 2020 · Updated 5 years ago
- ☆112 · Jul 24, 2023 · Updated 2 years ago
- Dynamic COFF object loader ☆23 · Jun 29, 2018 · Updated 7 years ago
- A framework for easy payloads development and deployment, collection of customizable XSS payloads ☆26 · Feb 20, 2022 · Updated 4 years ago
- ☆21 · Jan 28, 2020 · Updated 6 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve ☆63 · Aug 21, 2024 · Updated last year
- Userland API Unhooker Project ☆111 · Jun 14, 2021 · Updated 4 years ago
- Scripts to automate standing up apache2 with mod_rewrite in front of C2 servers. ☆47 · Feb 17, 2021 · Updated 5 years ago
- RDP Checker ☆64 · Feb 23, 2024 · Updated 2 years ago
- The repository accompanying the Buer Emulation workshop ☆24 · Aug 18, 2021 · Updated 4 years ago
- A .NET tool that uses AppDomains to enable dynamic execution and escape detection. ☆29 · Nov 25, 2019 · Updated 6 years ago
- MSBuild without MSbuild.exe ☆135 · Dec 21, 2020 · Updated 5 years ago
- A simple COM server which provides a component to run shellcode ☆149 · May 12, 2020 · Updated 5 years ago
- Library of threat hunts to get any user started! ☆49 · Sep 4, 2020 · Updated 5 years ago
- Proof of concept - Covert Channel using Windows Filtering Platform (C#) ☆21 · Aug 29, 2021 · Updated 4 years ago
- ☆133 · Jul 14, 2021 · Updated 4 years ago
- ☆15 · Oct 29, 2024 · Updated last year
- CRACK AND CHECK HASH TYPES IN BULK ☆13 · Jul 28, 2021 · Updated 4 years ago
- A Simple CLI App to mark all EXCEL sheets visible (i.e. sets "Very Hidden" and "Hidden" to "Visible") ☆11 · Apr 16, 2020 · Updated 5 years ago
- NativePayload_TiACBT (Remote Thread Injection + C# Async Method + CallBack Functions Technique) ☆13 · Jun 6, 2023 · Updated 2 years ago
- ☆11 · May 2, 2022 · Updated 3 years ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual ☆14 · Jul 13, 2022 · Updated 3 years ago
- ☆12 · Feb 8, 2023 · Updated 3 years ago
- PoC for hiding PE exports ☆67 · Dec 19, 2020 · Updated 5 years ago