Matt Graeber (mattifestation)

mattifestation

0 following, 0 stars

Home Page: https://mattifestation.medium.com/

Matt Graeber's repositories

PowerShellArsenal

A PowerShell Module Dedicated to Reverse Engineering

CimSweep

CimSweep is a suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely across all versions of Windows.

Language: PowerShell, License: BSD-3-Clause, Stargazers: 634, Issues: 75, Issues: 11

PIC_Bindshell

Position Independent Windows Shellcode Written in C

Language: PowerShell, License: NOASSERTION, Stargazers: 280, Issues: 19, Issues: 1

WMI_Backdoor

A PoC WMI backdoor presented at Black Hat 2015

Language: PowerShell, License: BSD-3-Clause, Stargazers: 271, Issues: 18, Issues: 0

PSSysmonTools

Sysmon Tools for PowerShell

Language: PowerShell, License: BSD-3-Clause, Stargazers: 230, Issues: 25, Issues: 6

PSReflect

Easily define in-memory enums, structs, and Win32 functions in PowerShell

Language: PowerShell, License: BSD-3-Clause, Stargazers: 214, Issues: 21, Issues: 11

WDACTools

A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies

Language: PowerShell, License: BSD-3-Clause, Stargazers: 187, Issues: 16, Issues: 3

WinPETools

A module designed to simplify the creation, customization, and deployment of bootable Windows Preinstallation Environment (WinPE) images.

Language: PowerShell, License: BSD-3-Clause, Stargazers: 146, Issues: 15, Issues: 1

BHUSA2018_Sysmon

All materials from our Black Hat 2018 "Subverting Sysmon" talk

Language: PowerShell, Stargazers: 137, Issues: 11, Issues: 0

AntimalwareBlight

Execute PowerShell code at the antimalware-light protection level.

Language: PowerShell, License: BSD-3-Clause, Stargazers: 133, Issues: 4, Issues: 0

DeviceGuardBypassMitigationRules

A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses

PoCSubjectInterfacePackage

A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.

Language: PowerShell, License: BSD-3-Clause, Stargazers: 94, Issues: 10, Issues: 0

BCD

BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functionality of the functions in this module mirrors that of bcdedit.exe.

Language: PowerShell, License: BSD-3-Clause, Stargazers: 61, Issues: 7, Issues: 0

WDACPolicies

A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies

TCGLogTools

A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Configuration Logs (WBCL). In order to retrieve these logs, you must be running at least Windows 8 with the TPM enabled.

Language: PowerShell, License: BSD-3-Clause, Stargazers: 50, Issues: 8, Issues: 2

WindowsEventLogMetadata

Event metadata collected across all manifest-based ETW providers on Windows 10 1903

ShellcodeExec

A simple shellcode runner

CatalogTools

A PowerShell module to assist in parsing and managing catalog files.

Language: PowerShell, License: BSD-3-Clause, Stargazers: 19, Issues: 3, Issues: 0

capstone

Capstone disassembly framework: Core + Python + Ocaml + Java + C# bindings

Language: C, License: NOASSERTION, Stargazers: 17, Issues: 9, Issues: 0

UnicornPowerShell

A PowerShell binding for the Unicorn Engine

Language: PowerShell, License: GPL-2.0, Stargazers: 16, Issues: 3, Issues: 0

MSFTTraceMessageFormat

All TMF files that I extracted from Microsoft PDBs.