A repository with my/stolen code snippets for research/education purposes :D.
| Snippet Name | Description |
|---|---|
| Patching EtwEventWrite via PInvoke | C# snippet code to patch Event Tracing for Windows (ETW) via PInvoke. |
| Patching EtwEventWrite via DInvoke | C# snippet code to patch Event Tracing for Windows (ETW) via DInvoke. |
| Patching AmsiScanBuffer via DInvoke | C# snippet code to patch the Antimalware Scan Interface (AMSI) via DInvoke. |
| Bypass ATP and dump LSASS | PowerShell code to bypass Advanced Threat Protection (ATP) and dump the LSASS process. For more details, see the post Bypass Windows Defender ATP. |