ProcessusT / ETWMonitorLinks
Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆120Updated 2 years ago
Alternatives and similar repositories for ETWMonitor
Users that are interested in ETWMonitor are comparing it to the libraries listed below
Sorting:
- VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows y…☆38Updated 2 years ago
- The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.☆136Updated 8 months ago
- A C# based tool for analysing malicious OneNote documents☆114Updated 2 years ago
- Youtube as C2 channel - Control Windows systems uploading QR videos to Youtube☆90Updated last year
- Guide journalisation Microsoft☆69Updated 11 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆213Updated 2 years ago
- Bruteforce DPAPI encrypted MasterKey File from Windows Credentials Manager☆21Updated 5 months ago
- DNS Tunneling using powershell to download and execute a payload. Works in CLM.☆219Updated 3 years ago
- Ransomware simulator written in C#☆37Updated 3 years ago
- Shellcode loader based on indirect syscall☆22Updated 4 months ago
- Run Your Payload Without Running Your Payload☆182Updated 2 years ago
- Scripts permettant de contourner la protection antivirale de Windows Defender via la technique de Direct Syscalls avec une injection de s…☆30Updated 2 years ago
- A ProcessMonitor visualization application written in rust.☆181Updated last year
- ☆164Updated 2 years ago
- Identify the accounts most vulnerable to dictionary attacks☆120Updated 2 months ago
- Exploits Scripts and other tools that are useful during Penetration-Testing or Red Team engagement☆65Updated 3 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆275Updated 4 months ago
- Default Detections for EDR☆96Updated last year
- ☆300Updated 8 months ago
- PowerShell Asynchronous TCP Reverse Shell☆158Updated last year
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆41Updated 9 months ago
- ☆67Updated 4 years ago
- Active Directory delegation management tool☆301Updated 2 years ago
- ☆183Updated 2 weeks ago
- RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++☆249Updated 2 years ago
- ☆67Updated 2 years ago
- Updated version of PowerDNS by @domchell. Adds support for transfers over DNS A records and a few other useful features.☆84Updated 2 years ago
- An interactive shell to spoof some LOLBins command line☆184Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆176Updated 2 years ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆242Updated 2 months ago