Alternatives and similar repositories for WinLogHunt

Users that are interested in WinLogHunt are comparing it to the libraries listed below

• rbmm / Hollowed-Process
  ☆30Updated 4 months ago
• jonny-jhnson / LDAPMon
  ☆45Updated 2 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆43Updated 2 years ago
• jonny-jhnson / JonMon-Lite
  ☆47Updated 6 months ago
• atabetnouhaila / API-hashing
  ☆18Updated last year
• xforcered / DayBird
  Extension functionality for the NightHawk operator client
  ☆26Updated 2 years ago
• bartblaze / DotNet-MetaData
  Identifies metadata of .NET binary files.
  ☆21Updated last year
• Teach2Breach / NtCreateUserProcess_rs
  example using NtCreateUserProcess in rust
  ☆19Updated 11 months ago
• I3IT / Detect.Remote.ShadowSnapshot.Dump
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆31Updated 10 months ago
• Hexastrike / LockBit-Database-Leak-2025
  Structured CSVs and table schemas extracted from the 29-April-2025 LockBit affiliate-panel database leak.
  ☆29Updated 7 months ago
• matthw / malware_analysis
  ☆18Updated last year
• jonny-jhnson / MSFT_DriverBlockList
  Repository of Microsoft Driver Block Lists based off of OS-builds
  ☆42Updated last year
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Updated 2 years ago
• deepinstinct / VSTO-POC
  A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously
  ☆31Updated 2 years ago
• ZSECURE / zDocker-cobaltstrike
  Docker container for running CobaltStrike 4.10
  ☆37Updated last year
• codewhitesec / SysmonEnte
  ☆76Updated 3 years ago
• kozmer / silentpulse
  single-threaded event driven sleep obfuscation poc for linux
  ☆37Updated 6 months ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆65Updated 2 years ago
• waawaa / Hooked-Injector
  Hooked create process injection for meterpreter
  ☆23Updated 4 years ago
• attl4s / freeMetsrvLoader
  freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package
  ☆35Updated 2 years ago
• Offensive-Panda / .NET_PROFILER_DLL_LOADING
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆47Updated last year
• ignacioj / WhacAMole
  Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…
  ☆43Updated last year
• vysecurity / Nemesis-Download-Watcher
  Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.
  ☆15Updated last year
• 0xv1n / proc-suspend
  powershell script i wrote that can suspend an arbitrary process (with limits)
  ☆22Updated 2 years ago
• rbmm / ARL
  ☆24Updated 10 months ago
• cod3nym / Ghosting-AMSI
  Ghosting-AMSI
  ☆18Updated 7 months ago
• 0xe7 / EventSniper
  ☆20Updated 2 years ago
• thalpius / Microsoft-Defender-for-Identity-Encrypted-Password
  ☆36Updated last year
• matterpreter / cpuid
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆26Updated 2 years ago
• 0xbad53c / OffSecOps-Arsenal
  Aggressor script to automatically download and load an arsenal of open source and private Cobalt Strike tooling.
  ☆45Updated last year