ProcessusT / ETWMonitorLinks
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆121Updated 2 years ago
Alternatives and similar repositories for ETWMonitor
Users that are interested in ETWMonitor are comparing it to the libraries listed below
Sorting:
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆42Updated last year
- A proof-of-concept for (CVE-2023-38840) that extracts plaintext master passwords from a locked Bitwarden vault.☆41Updated last year
- ☆68Updated 2 years ago
- ☆84Updated 3 years ago
- Scan vulnerable drivers on Windows with loldrivers.io☆182Updated 2 years ago
- Spoofing desktop login applications with WinForms and WPF☆176Updated last year
- Create and enumerate hidden desktops.☆91Updated last year
- ☆121Updated last year
- Finding secrets in kernel and user memory☆116Updated 2 years ago
- ☆108Updated 2 years ago
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI.☆134Updated last year
- DNS Tunneling using powershell to download and execute a payload. Works in CLM.☆228Updated 3 years ago
- Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if y…☆100Updated 2 years ago
- Default Detections for EDR☆96Updated last year
- A C# based tool for analysing malicious OneNote documents☆116Updated 2 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆86Updated 2 months ago
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆179Updated last year
- Bypass Malware Time Delays☆104Updated 3 years ago
- Repository for archiving Cobalt Strike configuration☆35Updated last week
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.☆139Updated 10 months ago
- Privileger is a tool to work with Windows Privileges☆138Updated 2 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- Analyse MSI files for vulnerabilities☆138Updated last year
- Collection of scripts to retrieve stored passwords from Veeam Backup☆133Updated 3 months ago
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…☆84Updated 2 years ago
- ☆16Updated 3 years ago
- ☆120Updated 4 years ago
- .NET executable to use when dealing with privilege escalation on Windows to gain local administrator access☆160Updated 2 years ago
- C2 Automation using Linode☆84Updated 3 years ago