Alternatives and similar repositories for ETWMonitor

Users that are interested in ETWMonitor are comparing it to the libraries listed below

• p0dalirius / ldap2json
  The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
  ☆135Updated 7 months ago
• ProcessusT / vulnspy
  VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows y…
  ☆38Updated 2 years ago
• Leo4j / Invoke-SessionHunter
  Retrieve and display information about active user sessions on remote computers. No admin privileges required.
  ☆186Updated 9 months ago
• akamai / Invoke-DHCPCheckup
  ☆104Updated last year
• ricardojoserf / SharpCovertTube
  Youtube as C2 channel - Control Windows systems uploading QR videos to Youtube
  ☆90Updated 11 months ago
• ProcessusT / Dictofuscation
  Obfuscate the bytes of your payload with an association dictionary
  ☆61Updated last week
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆212Updated 2 years ago
• Elymaro / PassTester
  Identify the accounts most vulnerable to dictionary attacks
  ☆119Updated 2 months ago
• CobblePot59 / ADcheck
  Assess the security of your Active Directory with few or all privileges.
  ☆316Updated last month
• TierZeroSecurity / edr_blocker
  Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…
  ☆141Updated 10 months ago
• deepinstinct / NoFilter
  ☆299Updated 7 months ago
• ignacioj / WhacAMole
  Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…
  ☆41Updated 8 months ago
• AetherBlack / abuseACL
  A python script to automatically list vulnerable Windows ACEs/ACLs.
  ☆54Updated 6 months ago
• itaymigdal / LOLSpoof
  An interactive shell to spoof some LOLBins command line
  ☆184Updated last year
• NUL0x4C / NoRunPI
  Run Your Payload Without Running Your Payload
  ☆182Updated 2 years ago
• S12cybersecurity / RDPCredentialStealer
  RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++
  ☆248Updated last year
• ph4nt0mbyt3 / Darkside
  C# AV/EDR Killer using less-known driver (BYOVD)
  ☆175Updated last year
• p0dalirius / FindUnusualSessions
  A tool to remotely detect unusual sessions opened on windows machines using RPC
  ☆109Updated last month
• ProcessusT / MasterKeyBrute
  Bruteforce DPAPI encrypted MasterKey File from Windows Credentials Manager
  ☆20Updated 5 months ago
• ProcessusT / Bypass-AV-DirectSyscalls
  Scripts permettant de contourner la protection antivirale de Windows Defender via la technique de Direct Syscalls avec une injection de s…
  ☆28Updated 2 years ago
• forensicxlab / VISION-ProcMon
  A ProcessMonitor visualization application written in rust.
  ☆180Updated last year
• synacktiv / ntdissector
  ☆141Updated 9 months ago
• mallo-m / AxiomLoader
  Shellcode loader based on indirect syscall
  ☆22Updated 3 months ago
• Octoberfest7 / DNS_Tunneling
  DNS Tunneling using powershell to download and execute a payload. Works in CLM.
  ☆219Updated 3 years ago
• p0dalirius / ExtractBitlockerKeys
  A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
  ☆371Updated 4 months ago
• NUL0x4C / DeleteShadowCopies
  Deleting Shadow Copies In Pure C++
  ☆114Updated 2 years ago
• JoelGMSec / PSAsyncShell
  PowerShell Asynchronous TCP Reverse Shell
  ☆157Updated last year
• winsecurity / Offensive-C-Sharp
  ☆165Updated 2 years ago
• amjcyber / EDRNoiseMaker
  Detect WFP filters blocking EDR communications
  ☆90Updated last year
• xaitax / PatchaPalooza
  A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.
  ☆182Updated 2 months ago