H4NM / WhoYouCalling
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
☆378Updated last month
Alternatives and similar repositories for WhoYouCalling
Users that are interested in WhoYouCalling are comparing it to the libraries listed below
Sorting:
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆316Updated 2 weeks ago
- ScriptSentry finds misconfigured and dangerous logon scripts.☆528Updated 4 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆374Updated last month
- Nuke It From Orbit - remove AV/EDR with physical access☆258Updated 5 months ago
- A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you com…☆170Updated 2 months ago
- A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.☆367Updated 3 months ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆465Updated this week
- PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains…☆795Updated last month
- A GUI and CLI tool for removing bloat from executables☆398Updated last month
- Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!☆349Updated 9 months ago
- Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…☆920Updated this week
- Python tool to check rootkits in Windows kernel☆195Updated 2 months ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆294Updated last week
- Wireshark RDP resources☆212Updated 3 months ago
- CLI tools for forensic investigation of Windows artifacts☆327Updated 6 months ago
- Hardcore Debugging☆880Updated 3 weeks ago
- An ADCS honeypot to catch attackers in your internal network.☆288Updated 10 months ago
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…☆250Updated last year
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆279Updated 9 months ago
- Documentation and scripts to properly enable Windows event logs.☆610Updated last year
- Rapidly Search and Hunt through Linux Forensics Artifacts☆190Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆623Updated 2 months ago
- PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirector…☆353Updated 5 months ago
- Analyze pcaps with Zeek and a Grafana Dashboard☆174Updated 11 months ago
- ☆201Updated 6 months ago
- ☆216Updated last month
- ☆490Updated last year
- A centralized and enhanced memory analysis platform☆462Updated 3 months ago
- PowerShell Digital Forensics & Incident Response Scripts.☆596Updated last month
- Sysmon configuration file template with default high-quality event tracing☆484Updated last year