ProcessusT / ETWMonitor
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆115 Updated last year
Related projects
Alternatives and complementary repositories for ETWMonitor
- VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows y… ☆38 Updated 2 years ago
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file. ☆120 Updated 3 weeks ago
- Identify the accounts most vulnerable to dictionary attacks ☆94 Updated 3 months ago
- YouTube as C2 channel - Control Windows systems by uploading videos to YouTube ☆79 Updated 5 months ago
- RDPCredentialStealer is malware that steals credentials provided by users in RDP using API hooking with Detours in C++ ☆235 Updated last year
- Docker images of the Exegol project ☆89 Updated last week
- An interactive shell to spoof some LOLBins command line ☆180 Updated 9 months ago
- Retrieve and display information about active user sessions on remote computers. No admin privileges required. ☆166 Updated 3 months ago
- Assess the security of your Active Directory with few or all privileges. ☆186 Updated this week
- ☆103 Updated 9 months ago
- ☆169 Updated last month
- A Python script to automatically list vulnerable Windows ACEs/ACLs. ☆45 Updated 2 months ago
- Ransomware simulator written in C# ☆36 Updated 2 years ago
- Deleting Shadow Copies In Pure C++ ☆113 Updated 2 years ago
- Run Your Payload Without Running Your Payload ☆177 Updated 2 years ago
- ☆16 Updated 2 years ago
- Scripts for bypassing Windows Defender antivirus protection via the Direct Syscalls technique with an injection of s… ☆27 Updated 2 years ago
- Spoofing desktop login applications with WinForms and WPF ☆170 Updated 9 months ago
- C# AV/EDR Killer using less-known driver (BYOVD) ☆157 Updated last year
- ☆294 Updated 3 weeks ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance. ☆259 Updated last year
- ☆127 Updated 3 months ago
- Microsoft logging guide ☆57 Updated 4 months ago
- ☆160 Updated 2 years ago
- A launcher to load a DLL with xored cobalt strike shellcode executed in memory through process hollowing technique ☆24 Updated 2 years ago
- A Python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application ☆89 Updated 8 months ago
- PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir… ☆136 Updated 5 months ago
- ☆158 Updated last year