Alternatives and similar repositories for WinLogHunt

Users that are interested in WinLogHunt are comparing it to the libraries listed below

• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• FuzzySecurity / SAFACon-Vienna
  ☆23Updated last year
• jonny-jhnson / LDAPMon
  ☆45Updated last year
• jonny-jhnson / JonMon-Lite
  ☆46Updated 4 months ago
• rbmm / Hollowed-Process
  ☆30Updated last month
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆51Updated 2 years ago
• I3IT / Detect.Remote.ShadowSnapshot.Dump
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆30Updated 8 months ago
• atabetnouhaila / API-hashing
  ☆18Updated last year
• zero2504 / FrostLock-Injection
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆30Updated 6 months ago
• cod3nym / Ghosting-AMSI
  Ghosting-AMSI
  ☆17Updated 5 months ago
• matthw / malware_analysis
  ☆18Updated last year
• ignacioj / WhacAMole
  Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…
  ☆41Updated last year
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Updated 3 years ago
• codewhitesec / SysmonEnte
  ☆74Updated 2 years ago
• xforcered / DayBird
  Extension functionality for the NightHawk operator client
  ☆26Updated last year
• bartblaze / DotNet-MetaData
  Identifies metadata of .NET binary files.
  ☆21Updated last year
• netbiosX / GhostLoader
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆52Updated 5 years ago
• Offensive-Panda / .NET_PROFILER_DLL_LOADING
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆44Updated last year
• rbmm / ARL
  ☆24Updated 8 months ago
• 0xe7 / EventSniper
  ☆20Updated last year
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆40Updated 2 years ago
• hackerhouse-opensource / Gigabyte_ElevatePersist
  Giga-byte Control Center (GCC) is a software package designed for improved user experience of Gigabyte hardware, often found in gaming an…
  ☆33Updated 2 years ago
• FalconForceTeam / bof-winrm-plugin-jump
  ☆29Updated 8 months ago
• SafeBreach-Labs / CortexVortex
  ☆80Updated last year
• HulkOperator / AuthStager
  ☆58Updated 11 months ago
• matterpreter / cpuid
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆26Updated 2 years ago
• jonny-jhnson / MSFT_DriverBlockList
  Repository of Microsoft Driver Block Lists based off of OS-builds
  ☆40Updated last year
• susMdT / fictional-invention
  idk man this was the default github name
  ☆35Updated 2 years ago
• 0xv1n / proc-suspend
  powershell script i wrote that can suspend an arbitrary process (with limits)
  ☆22Updated 2 years ago
• joe-desimone / rep-research
  ☆77Updated last year