ProcessusT / ETWMonitorLinks
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆121Updated 2 years ago
Alternatives and similar repositories for ETWMonitor
Users that are interested in ETWMonitor are comparing it to the libraries listed below
Sorting:
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆42Updated 11 months ago
- Finding secrets in kernel and user memory☆116Updated last year
- ☆68Updated 2 years ago
- Deleting Shadow Copies In Pure C++☆114Updated 2 years ago
- Create and enumerate hidden desktops.☆90Updated last year
- ☆120Updated last year
- A C# based tool for analysing malicious OneNote documents☆116Updated 2 years ago
- Privileger is a tool to work with Windows Privileges☆137Updated 2 years ago
- Default Detections for EDR☆96Updated last year
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆62Updated 8 months ago
- A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.☆186Updated 5 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆217Updated 2 years ago
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI.☆134Updated last year
- Collection of scripts to retrieve stored passwords from Veeam Backup☆132Updated 2 months ago
- An interactive shell to spoof some LOLBins command line☆185Updated last year
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- ☆108Updated 2 years ago
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- ☆84Updated 3 years ago
- A proof-of-concept for (CVE-2023-38840) that extracts plaintext master passwords from a locked Bitwarden vault.☆41Updated last year
- Living Off the Foreign Land setup scripts☆70Updated 6 months ago
- ☆120Updated 4 years ago
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆140Updated last year
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…☆85Updated 2 years ago
- Scan vulnerable drivers on Windows with loldrivers.io☆181Updated last year
- A ProcessMonitor visualization application written in rust.☆183Updated 2 years ago
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.☆137Updated 10 months ago
- Ransomware simulator written in C#☆37Updated 3 years ago
- .NET executable to use when dealing with privilege escalation on Windows to gain local administrator access☆160Updated 2 years ago
- POC for frustrating/defeating Malware Analysts☆156Updated 3 years ago