ProcessusT / ETWMonitor
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆120 · Updated 2 years ago
Alternatives and similar repositories for ETWMonitor
Users interested in ETWMonitor are comparing it to the repositories listed below.
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file. ☆135 · Updated 7 months ago
- VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows y… ☆38 · Updated 2 years ago
- Retrieve and display information about active user sessions on remote computers. No admin privileges required. ☆186 · Updated 9 months ago
- ☆104 · Updated last year
- YouTube as C2 channel: control Windows systems by uploading QR videos to YouTube. ☆90 · Updated 11 months ago
- Obfuscate the bytes of your payload with an association dictionary. ☆61 · Updated last week
- MSI Dump: a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. ☆212 · Updated 2 years ago
- Identify the accounts most vulnerable to dictionary attacks. ☆119 · Updated 2 months ago
- Assess the security of your Active Directory with few or all privileges. ☆316 · Updated last month
- Blocks EDR telemetry by performing a Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… ☆141 · Updated 10 months ago
- ☆299 · Updated 7 months ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en… ☆41 · Updated 8 months ago
- A Python script to automatically list vulnerable Windows ACEs/ACLs. ☆54 · Updated 6 months ago
- An interactive shell to spoof the command lines of some LOLBins. ☆184 · Updated last year
- Run Your Payload Without Running Your Payload. ☆182 · Updated 2 years ago
- RDPCredentialStealer is malware that steals credentials entered by users in RDP, using API hooking with Detours in C++. ☆248 · Updated last year
- C# AV/EDR killer using a less-known driver (BYOVD). ☆175 · Updated last year
- A tool to remotely detect unusual sessions opened on Windows machines using RPC. ☆109 · Updated last month
- Bruteforce a DPAPI-encrypted MasterKey file from Windows Credential Manager. ☆20 · Updated 5 months ago
- Scripts for bypassing Windows Defender's antivirus protection via the Direct Syscalls technique with an injection of s… ☆28 · Updated 2 years ago
- A ProcessMonitor visualization application written in Rust. ☆180 · Updated last year
- ☆141 · Updated 9 months ago
- Shellcode loader based on indirect syscalls. ☆22 · Updated 3 months ago
- DNS tunneling using PowerShell to download and execute a payload. Works in CLM. ☆219 · Updated 3 years ago
- A system administration or post-exploitation script to automatically extract the BitLocker recovery keys from a domain. ☆371 · Updated 4 months ago
- Deleting Shadow Copies in pure C++. ☆114 · Updated 2 years ago
- PowerShell asynchronous TCP reverse shell. ☆157 · Updated last year
- ☆165 · Updated 2 years ago
- Detect WFP filters blocking EDR communications. ☆90 · Updated last year
- A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates. ☆182 · Updated 2 months ago