GitHub

Windows Update Watchdog

A tiny Windows 10/11 administration utility that watches Windows Update controls while keeping Microsoft Defender visible, repairable, and enabled. The app is intentionally small: a compact window, ...
GitHub

powershell_fileless_process_injection_via_getprocaddress.yml

description: The following analytic detects the use of `GetProcAddress` in PowerShell script blocks, leveraging PowerShell Script Block Logging (EventCode=4104). This method captures the full command ...