Alternatives and similar repositories for MacOS-EDR-Provoker

Users that are interested in MacOS-EDR-Provoker are comparing it to the libraries listed below

• StrangerealIntel / DeltaFlare
  ☆12Updated 3 years ago
• randomaccess3 / block-parser
  Parser for Windows PowerShell script block logs
  ☆13Updated 5 months ago
• threatexpress / threat-mitigation
  Threat Mitigation Strategies
  ☆25Updated last year
• threatexpress / procdot_sandbox
  ProcDot Malware Sandbox
  ☆24Updated 6 months ago
• morRubin / PrtToCert
  ☆21Updated 4 years ago
• ReconInfoSec / adversary-emulation-map
  Creates an ATT&CK Navigator map of an Adversary Emulation Plan
  ☆17Updated 3 years ago
• cedowens / Persistent-Swift
  A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…
  ☆32Updated 4 years ago
• antman1p / PrintTCCdb
  JXA script for Mythic that prints the TCC.db
  ☆15Updated 4 years ago
• jfmaes / Emulation-Workshop
  The repository accompanying the Buer Emulation workshop
  ☆24Updated 3 years ago
• vu-ls / applywdac
  ☆23Updated 3 months ago
• RomaissaAdjailia / Get-AppLockerEventlog
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆31Updated 2 years ago
• nmantani / PS-TrustedDocuments
  PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office
  ☆35Updated 2 years ago
• brokensound77 / toruk
  Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data
  ☆13Updated 5 years ago
• k3idii / ION
  Indicators of Normality
  ☆12Updated 2 years ago
• fastlorenzo / redelk-kibana-app
  Kibana app for RedELK
  ☆17Updated 2 years ago
• SecurityJosh / MuteSysmon
  A PowerShell script to prevent Sysmon from writing its events
  ☆15Updated 5 years ago
• QueenSquishy / Zombie
  General Content
  ☆26Updated 10 months ago
• darkoperator / vscode-sysmon
  Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.
  ☆53Updated last year
• blackarrowsec / malware-research
  Malware campaigns and APTs research by BlackArrow
  ☆18Updated 5 years ago
• woanware / etw-event-dumper
  ☆33Updated 3 years ago
• nettitude / PoshC2_IOCs
  A list of IOCs applicable to PoshC2
  ☆24Updated 4 years ago
• cedowens / C2_Cradle
  Tool to download, install, and run macOS capable command & control servers (i.e., C2s with macOS payloads/clients) as docker containers f…
  ☆19Updated 4 years ago
• surbo / OVERFLOW
  Microsoft Flow Attack Framework
  ☆23Updated 5 years ago
• MITRECND / picaboo
  Specialized tool to dump Position Independent Code.
  ☆22Updated 4 years ago
• its-a-feature / loginItemManipulator
  ☆15Updated 4 years ago
• RedSiege / CLM-Base64
  This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode
  ☆26Updated 11 months ago
• antman1p / JXA_Proc_Tree
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆13Updated 3 years ago
• lkarlslund / azureimposter
  Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token
  ☆26Updated 2 years ago
• cedowens / Mythic-Macro-Generator
  Python3 script to generate a macro to launch a Mythic payload. Author: Cedric Owens
  ☆47Updated 4 years ago
• freeload101 / Bloodhound-Portable
  Bloodhound Portable for Windows
  ☆51Updated 2 years ago