Alternatives and similar repositories for WinLogHunt

Users that are interested in WinLogHunt are comparing it to the libraries listed below

• jonny-jhnson / JonMon-Lite
  ☆48Updated 7 months ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆44Updated 2 years ago
• rbmm / Hollowed-Process
  ☆30Updated 5 months ago
• jonny-jhnson / LDAPMon
  ☆46Updated 2 years ago
• bartblaze / DotNet-MetaData
  Identifies metadata of .NET binary files.
  ☆21Updated last year
• Maldev-Academy / PrefetchFileParser
  A lightweight Windows Prefetch file parser to extract programs' execution history
  ☆49Updated 3 weeks ago
• atabetnouhaila / API-hashing
  ☆18Updated 3 weeks ago
• cod3nym / Ghosting-AMSI
  Ghosting-AMSI
  ☆18Updated 9 months ago
• I3IT / Detect.Remote.ShadowSnapshot.Dump
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆31Updated last year
• praetorian-inc / swarmer
  A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN
  ☆42Updated last week
• rbmm / ARL
  ☆24Updated last year
• xforcered / DayBird
  Extension functionality for the NightHawk operator client
  ☆26Updated 2 years ago
• vysecurity / Nemesis-Download-Watcher
  Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.
  ☆15Updated last year
• kozmer / silentpulse
  single-threaded event driven sleep obfuscation poc for linux
  ☆37Updated 7 months ago
• matthw / malware_analysis
  ☆18Updated last year
• ricardojoserf / w11_shadow_copies
  Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11
  ☆75Updated last week
• attl4s / freeMetsrvLoader
  freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package
  ☆35Updated 2 years ago
• 0xv1n / proc-suspend
  powershell script i wrote that can suspend an arbitrary process (with limits)
  ☆22Updated 2 years ago
• codewhitesec / SysmonEnte
  ☆78Updated 3 years ago
• ZSECURE / zDocker-cobaltstrike
  Docker container for running CobaltStrike 4.10
  ☆38Updated last year
• FarghlyMal / Config-Extractors
  ☆27Updated last year
• bohops / COM-to-the-Darkside
  Slides and resources from MCTTP 2025 Talk
  ☆66Updated 3 months ago
• matterpreter / cpuid
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆27Updated 2 years ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆65Updated 2 years ago
• HulkOperator / AuthStager
  ☆59Updated last year
• dobin / DetonatorAgent
  Detonate malware on VMs and get logs & detection status
  ☆76Updated last week
• Teach2Breach / NtCreateUserProcess_rs
  example using NtCreateUserProcess in rust
  ☆19Updated last year
• FuzzySecurity / SAFACon-Vienna
  ☆23Updated last year
• slemire / bof-adopt
  BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.
  ☆17Updated 3 years ago
• 0xe7 / EventSniper
  ☆20Updated 2 years ago