n4r1B n4r1b
n4r1b
/ WdFilterMonitoredKeys.js
Created
April 18, 2020 15:45
A js script for windbg to list the registry keys that are being monitored by WdFilter.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| // remove [Object object] | |
| delete Object.prototype.toString; | |
| function add(address, val) | |
| { | |
| return host.Int64(address).add(val); | |
| } |
n4r1b
/ sacEval.xml
Created
August 23, 2022 15:27
SAC Evaluation Policy - {1283AC0F-FFF1-49AE-ADA1-8A933130CAD6}
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyType="Base Policy" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>0.0.0.0</VersionEx> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <PolicyID>{1283AC0F-FFF1-49AE-ADA1-8A933130CAD6}</PolicyID> | |
| <BasePolicyID>{1283AC0F-FFF1-49AE-ADA1-8A933130CAD6}</BasePolicyID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:UMCI</Option> | |
| </Rule> |
n4r1b
/ sacEnforce.xml
Created
August 23, 2022 15:27
SAC Enforce Policy - {0283AC0F-FFF1-49AE-ADA1-8A933130CAD6}
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyType="Base Policy" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>0.0.0.0</VersionEx> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <PolicyID>{0283AC0F-FFF1-49AE-ADA1-8A933130CAD6}</PolicyID> | |
| <BasePolicyID>{0283AC0F-FFF1-49AE-ADA1-8A933130CAD6}</BasePolicyID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:UMCI</Option> | |
| </Rule> |