Alternatives and similar repositories for ETWMonitor

Users that are interested in ETWMonitor are comparing it to the libraries listed below

• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆116Updated 2 years ago
• ignacioj / WhacAMole
  Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…
  ☆43Updated last year
• sadshade / veeam-creds
  Collection of scripts to retrieve stored passwords from Veeam Backup
  ☆142Updated 6 months ago
• QueenSquishy / plague
  Default Detections for EDR
  ☆96Updated last year
• MzHmO / Privileger
  Privileger is a tool to work with Windows Privileges
  ☆139Updated 2 years ago
• dr4k0nia / tooling-playground
  A collection of small scripts and tools for deobfuscation and malware analysis.
  ☆66Updated 2 years ago
• georgesotiriadis / MalwareDev
  ☆84Updated 3 years ago
• SafeBreach-Labs / aikido_wiper
  ☆68Updated 3 years ago
• sensepost / mydumbedr
  ☆121Updated last year
• icyguider / NewPowerDNS
  Updated version of PowerDNS by @domchell. Adds support for transfers over DNS A records and a few other useful features.
  ☆83Updated 2 years ago
• floesen / EventLogCrasher
  ☆192Updated last year
• p0dalirius / ldap2json
  The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
  ☆141Updated last year
• NUL0x4C / DeleteShadowCopies
  Deleting Shadow Copies In Pure C++
  ☆117Updated 3 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆91Updated 3 years ago
• MalwareTech / HiddenDesktop
  Create and enumerate hidden desktops.
  ☆88Updated 2 years ago
• mlcsec / FormThief
  Spoofing desktop login applications with WinForms and WPF
  ☆176Updated last year
• Mr-Un1k0d3r / ATP-PowerShell-Scripts
  Microsoft Signed PowerShell scripts
  ☆220Updated 2 years ago
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆223Updated 2 years ago
• knight0x07 / OneNoteAnalyzer
  A C# based tool for analysing malicious OneNote documents
  ☆118Updated 2 years ago
• CICADA8-Research / MyMSIAnalyzer
  Analyse MSI files for vulnerabilities
  ☆140Updated last year
• hackerhouse-opensource / WMIProcessWatcher
  A CIA tradecraft technique to asynchronously detect when a process is created using WMI.
  ☆138Updated last year
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆139Updated last year
• Octoberfest7 / DNS_Tunneling
  DNS Tunneling using powershell to download and execute a payload. Works in CLM.
  ☆229Updated 3 years ago
• amjcyber / EDRNoiseMaker
  Detect WFP filters blocking EDR communications
  ☆96Updated last year
• FourCoreLabs / LolDriverScan
  Scan vulnerable drivers on Windows with loldrivers.io
  ☆186Updated 2 years ago
• JPCERTCC / CobaltStrike-Config
  Repository for archiving Cobalt Strike configuration
  ☆35Updated this week
• markuta / bw-dump
  A proof-of-concept for (CVE-2023-38840) that extracts plaintext master passwords from a locked Bitwarden vault.
  ☆41Updated last year
• Octoberfest7 / BeatRev
  POC for frustrating/defeating Malware Analysts
  ☆157Updated 3 years ago
• OccamsXor / Dragnmove
  Infect Shared Files In Memory for Lateral Movement
  ☆196Updated 3 years ago
• hwvs / Invoke-GPTObfuscation
  Powershell implementation of a novel technique. Invoke-GPTObfuscation is a PowerShell Obfuscator that utilizes OpenAI (and other APIs) to…
  ☆48Updated 2 years ago