ProcessusT / ETWMonitor
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆115 Updated last year
Related projects
Alternatives and complementary repositories for ETWMonitor
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file. ☆120 Updated 2 weeks ago
- VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows y… ☆38 Updated 2 years ago
- YouTube as C2 channel - Control Windows systems uploading videos to YouTube ☆78 Updated 4 months ago
- Identify the accounts most vulnerable to dictionary attacks ☆95 Updated 3 months ago
- RDPCredentialStealer is malware that steals credentials provided by users in RDP using API hooking with Detours in C++ ☆234 Updated last year
- Assess the security of your Active Directory with few or all privileges. ☆157 Updated this week
- Spoofing desktop login applications with WinForms and WPF ☆171 Updated 8 months ago
- A Python script to automatically list vulnerable Windows ACEs/ACLs. ☆42 Updated 2 months ago
- Privileger is a tool to work with Windows Privileges ☆133 Updated last year
- Retrieve and display information about active user sessions on remote computers. No admin privileges required. ☆164 Updated 3 months ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆138 Updated 3 months ago
- Deleting Shadow Copies In Pure C++ ☆113 Updated 2 years ago
- A Python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application ☆88 Updated 7 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆171 Updated last year
- Run Your Payload Without Running Your Payload ☆176 Updated 2 years ago
- ☆181 Updated 9 months ago
- ☆169 Updated 3 weeks ago
- Docker images of the Exegol project ☆89 Updated this week
- An interactive shell to spoof some LOLBins command line ☆179 Updated 9 months ago
- Two in one, patch lifetime PowerShell console, no more ETW and AMSI! ☆80 Updated 4 months ago
- Decrypt GlobalProtect configuration and cookie files. ☆135 Updated 2 months ago
- Continuous password spraying tool ☆116 Updated 5 months ago
- ☆95 Updated 2 years ago
- GoldenGMSA tool for working with GMSA passwords ☆135 Updated 7 months ago
- Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines ☆144 Updated 2 months ago
- FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi… ☆205 Updated last month
- Scripts for bypassing Windows Defender antivirus protection via the Direct Syscalls technique with an injection of s… ☆27 Updated 2 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance. ☆259 Updated last year