NybbleHub / Bluekeep-Detection-Rule
BlueKeep detection rule built with the Apache Flink CEP (Complex Event Processing) library and a Markov chain.
☆9 · Updated 5 years ago
Alternatives and similar repositories for Bluekeep-Detection-Rule:
Users interested in Bluekeep-Detection-Rule are comparing it to the repositories listed below.
- Simplified go-cat agent for caldera ☆10 · Updated last year
- Collection of malware IoC hashes from blog posts. A Python script is provided to search through it. ☆17 · Updated 4 years ago
- Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation ☆16 · Updated 6 years ago
- POC code to crash Windows Event Logger Service ☆26 · Updated 4 years ago
- Tool to decrypt the configuration of NanoCore and dump all used plugins ☆10 · Updated 4 years ago
- Look into EDR events from network ☆23 · Updated 11 months ago
- Community maintained list of most popular HIPS service and process names on a Windows Platform. ☆43 · Updated 2 years ago
- ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Ima… ☆39 · Updated last year
- Tool to manage user privileges ☆28 · Updated 5 years ago
- (no description) ☆12 · Updated 7 years ago
- Lightweight C# windows agent for Apfell ☆17 · Updated 5 years ago
- (no description) ☆11 · Updated 5 years ago
- Invoke-Decoder – A PowerShell script to decode/deobfuscate malware samples ☆19 · Updated 4 years ago
- This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes ☆21 · Updated 4 years ago
- Analytics for Accounting logs from Network devices ☆17 · Updated 4 years ago
- ssdeep cluster analysis for malware files ☆30 · Updated 4 years ago
- Library for Windows XML Event Log (EVTX) data types ☆18 · Updated 6 months ago
- (no description) ☆39 · Updated 2 years ago
- Threat detection rule set ☆15 · Updated 5 years ago
- A set of commands to bypass Defender (and some other AVs) ☆20 · Updated 5 years ago
- QuasarRAT analysis tools and research report ☆27 · Updated last year
- (no description) ☆24 · Updated 5 years ago
- simple demo of using C# & System.Management.Automation.dll to run powershell code (b64 encoded) without powershell.exe ☆14 · Updated 8 years ago
- A C# tool to send emails through Outlook from the command line or in memory ☆31 · Updated 4 years ago
- Executes shellcode from a remote server and aims to evade in-memory scanners ☆31 · Updated 5 years ago
- Implementation of ITaskHandler in C++ ☆13 · Updated 2 years ago
- A simple provider to analyse what gets passed into Microsoft's Anti-Malware Scan Interface ☆15 · Updated 5 years ago
- Some stuff for PHD2021 ☆12 · Updated 3 years ago
- A Lazy Programmer's Tips for Avoiding the SOC ~ BSides Belfast 2024 ☆16 · Updated 6 months ago
- Example of async client/server sockets in .NET 5 ☆16 · Updated 3 years ago