Alternatives and similar repositories for WhoYouCalling

Users that are interested in WhoYouCalling are comparing it to the libraries listed below

• lkarlslund / nifo
  Nuke It From Orbit - remove AV/EDR with physical access
  ☆271Updated 11 months ago
• joeavanzato / Trawler
  PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.
  ☆322Updated 6 months ago
• Squiblydoo / debloat
  A GUI and CLI tool for removing bloat from executables
  ☆432Updated 4 months ago
• MHaggis / PowerShell-Hunter
  PowerShell tools to help defenders hunt smarter, hunt harder.
  ☆444Updated 3 weeks ago
• p0dalirius / ExtractBitlockerKeys
  A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
  ☆383Updated last month
• srlabs / Certiception
  An ADCS honeypot to catch attackers in your internal network.
  ☆314Updated last year
• techspence / ScriptSentry
  ScriptSentry finds misconfigured and dangerous logon scripts.
  ☆611Updated 11 months ago
• MalBeacon / what-is-this-stealer
  A repository of credential stealer formats
  ☆233Updated 5 months ago
• cgosec / Blauhaunt
  A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…
  ☆179Updated 5 months ago
• gtworek / VolatileDataCollector
  ☆205Updated 2 weeks ago
• persistence-info / persistence-info.github.io
  ☆513Updated last year
• awakecoding / wireshark-rdp
  Wireshark RDP resources
  ☆218Updated 5 months ago
• lawndoc / Respotter
  Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.
  ☆196Updated 2 weeks ago
• AirbusProtect / AD-Canaries
  The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…
  ☆258Updated 2 years ago
• secureworks / pytune
  ☆266Updated 3 months ago
• Ahmed-AL-Maghraby / Windows-Registry-Analysis-Cheat-Sheet
  ☆168Updated 2 years ago
• jonny-jhnson / JonMon
  ☆245Updated 5 months ago
• mandiant / VM-Packages
  Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
  ☆205Updated this week
• RedByte1337 / GraphSpy
  Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
  ☆894Updated 6 months ago
• k1nd0ne / VolWeb
  A centralized and enhanced memory analysis platform
  ☆508Updated 4 months ago
• Psmths / windows-forensic-artifacts
  Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!
  ☆409Updated last year
• techspence / ADeleginator
  A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory
  ☆288Updated last month
• vu-ls / Crassus
  ☆598Updated 3 weeks ago
• magicsword-io / LOLRMM
  LotL RMM
  ☆260Updated 3 weeks ago
• LETHAL-FORENSICS / MemProcFS-Analyzer
  MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
  ☆689Updated last month
• Malandrone / PowerDecode
  PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs…
  ☆226Updated last year
• curated-intel / Attribution-to-IP
  A collection of methods to learn who the owner of an IP address is.
  ☆178Updated last month
• subat0mik / Misconfiguration-Manager
  Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…
  ☆1,048Updated 2 weeks ago
• SafeBreach-Labs / WindowsDowndate
  A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
  ☆688Updated last year
• vectra-ai-research / MAAD-AF
  MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).
  ☆408Updated last year