DamonMohammadbagher / ETWNetMonv3View external linksLinks
ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
☆41Jun 6, 2023Updated 2 years ago
Alternatives and similar repositories for ETWNetMonv3
Users that are interested in ETWNetMonv3 are comparing it to the libraries listed below
Sorting:
- NativePayload_TiACBT (Remote Thread Injection + C# Async Method + CallBack Functions Technique)☆13Jun 6, 2023Updated 2 years ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆319Mar 20, 2024Updated last year
- ☆16Mar 1, 2019Updated 6 years ago
- ☆20Jul 9, 2019Updated 6 years ago
- C# code to run PIC using CreateThread☆17Apr 19, 2019Updated 6 years ago
- ☆51Sep 18, 2020Updated 5 years ago
- Out-of-the-Box Tool to Obfuscate Excel XLS. Include Obfuscation & Hide for Cell Labels & BoundSheets☆48Aug 4, 2021Updated 4 years ago
- ☆25Mar 3, 2019Updated 6 years ago
- x64HOOK库☆18Jan 14, 2020Updated 6 years ago
- Easily hook WIN32 x64 functions☆18Feb 19, 2025Updated 11 months ago
- x64 assembler library☆31Jun 7, 2024Updated last year
- I used this to see if an EDR is running in Safe Mode☆36Feb 13, 2021Updated 5 years ago
- C# program to take a full size screenshot or a recording of the user's desktop. Takes in 0-3 flags☆83Oct 2, 2020Updated 5 years ago
- All Nt Syscall and W32k Syscall in one asm, include, and call it!☆58Nov 4, 2021Updated 4 years ago
- .NET project for writing files to local or remote hosts☆43Jan 27, 2020Updated 6 years ago
- Azure AD Incident Response☆27Oct 8, 2021Updated 4 years ago
- intel vt-x hypervisor ept☆25May 19, 2020Updated 5 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 2 years ago
- ☆73Oct 24, 2021Updated 4 years ago
- Record & prevent process creation in kernel mode☆44Sep 14, 2021Updated 4 years ago
- findLoop - find possible encryption/decryption or compression/decompression code☆26Mar 30, 2019Updated 6 years ago
- The evolution of NxRansomware☆11Jun 14, 2019Updated 6 years ago
- Windows Server 2K3 NT 5☆12Apr 14, 2021Updated 4 years ago
- AMSI Bypass Via the Heap☆107Nov 20, 2020Updated 5 years ago
- ☆14Jan 18, 2020Updated 6 years ago
- ☆15Aug 17, 2023Updated 2 years ago
- A dll injector static library for Win x64 processes with handle elevation supported☆12Mar 28, 2021Updated 4 years ago
- Windows Server 2K3 NT 5☆12Apr 17, 2021Updated 4 years ago
- 新的注入方式☆11Sep 30, 2018Updated 7 years ago
- Tools and Binaries to use with KAPE☆13Aug 13, 2019Updated 6 years ago
- POC code to crash Windows Event Logger Service☆27Oct 16, 2020Updated 5 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- ☆20Jan 28, 2022Updated 4 years ago
- CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"☆51Mar 2, 2022Updated 3 years ago
- Simple header only library to change return address on current stack frame.☆22Sep 4, 2016Updated 9 years ago
- Inject shellcode into process via "EarlyBird"☆26Aug 30, 2021Updated 4 years ago
- Fake SMB and SAMR data☆11Oct 27, 2019Updated 6 years ago
- collection of code snippets,windbg,python scripts and resources☆14Jul 11, 2022Updated 3 years ago
- ProcessHollowing via csharp☆13Dec 21, 2021Updated 4 years ago