ProcessusT / ETWMonitor
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆117 · Updated 2 years ago
Alternatives and similar repositories for ETWMonitor:
Users interested in ETWMonitor are comparing it to the repositories listed below.
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file. ☆128 · Updated 5 months ago
- A Python script to automatically list vulnerable Windows ACEs/ACLs. ☆51 · Updated 3 months ago
- VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows y… ☆38 · Updated 2 years ago
- Obfuscate the bytes of your payload with an association dictionary. ☆33 · Updated 4 months ago
- Scripts for bypassing Windows Defender antivirus protection using the Direct Syscalls technique with an injection of s… ☆27 · Updated 2 years ago
- YouTube as a C2 channel: control Windows systems by uploading QR-code videos to YouTube. ☆86 · Updated 9 months ago
- Spoofing desktop login applications with WinForms and WPF. ☆172 · Updated last year
- Small project to facilitate creation of .lnk payloads. ☆65 · Updated 2 years ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office desktop apps. ☆137 · Updated 8 months ago
- Retrieve and display information about active user sessions on remote computers. No admin privileges required. ☆181 · Updated 7 months ago
- POC for Veeam Backup and Replication CVE-2023-27532. ☆63 · Updated 2 years ago
- GoldenGMSA tool for working with gMSA passwords. ☆140 · Updated 11 months ago
- Tool for viewing NTDS.dit. ☆150 · Updated 2 weeks ago
- Python script for extracting and decrypting Group Policy Preferences passwords. ☆22 · Updated 3 years ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en… ☆39 · Updated 6 months ago
- Hybrid AD utilities for ROADtools. ☆72 · Updated 2 months ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft. ☆141 · Updated 10 months ago
- Deleting shadow copies in pure C++. ☆114 · Updated 2 years ago
- A comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆196 · Updated 9 months ago
- D/Invoke standalone shellcode runners. ☆37 · Updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course. ☆184 · Updated last year
- ACL abuse swiss-knife. ☆119 · Updated 2 years ago
- A PowerShell console in C/C++ with all the security features disabled. ☆216 · Updated 2 weeks ago
- Continuous password spraying tool. ☆176 · Updated 3 weeks ago
- Docker images of the Exegol project. ☆102 · Updated last week
- MSI Dump: a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. ☆207 · Updated last year