Alternatives and similar repositories for ETWMonitor

Users that are interested in ETWMonitor are comparing it to the libraries listed below

• ignacioj / WhacAMole
  Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…
  ☆44Updated last year
• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆116Updated 2 years ago
• dr4k0nia / tooling-playground
  A collection of small scripts and tools for deobfuscation and malware analysis.
  ☆66Updated 2 years ago
• QueenSquishy / plague
  Default Detections for EDR
  ☆97Updated last year
• markuta / bw-dump
  A proof-of-concept for (CVE-2023-38840) that extracts plaintext master passwords from a locked Bitwarden vault.
  ☆42Updated last year
• SafeBreach-Labs / aikido_wiper
  ☆68Updated 3 years ago
• MalwareTech / HiddenDesktop
  Create and enumerate hidden desktops.
  ☆88Updated 2 years ago
• sadshade / veeam-creds
  Collection of scripts to retrieve stored passwords from Veeam Backup
  ☆144Updated 8 months ago
• Octoberfest7 / DNS_Tunneling
  DNS Tunneling using powershell to download and execute a payload. Works in CLM.
  ☆231Updated 3 years ago
• kacos2000 / Prefetch-Browser
  Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
  ☆64Updated last year
• sensepost / mydumbedr
  ☆120Updated 2 years ago
• FourCoreLabs / LolDriverScan
  Scan vulnerable drivers on Windows with loldrivers.io
  ☆186Updated 2 years ago
• NUL0x4C / DeleteShadowCopies
  Deleting Shadow Copies In Pure C++
  ☆118Updated 3 years ago
• knight0x07 / OneNoteAnalyzer
  A C# based tool for analysing malicious OneNote documents
  ☆118Updated 2 years ago
• amjcyber / EDRNoiseMaker
  Detect WFP filters blocking EDR communications
  ☆96Updated 2 years ago
• MzHmO / Privileger
  Privileger is a tool to work with Windows Privileges
  ☆139Updated 3 years ago
• mattifestation / AntimalwareBlight
  Execute PowerShell code at the antimalware-light protection level.
  ☆142Updated 3 years ago
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆226Updated 2 years ago
• dsnezhkov / shutter
  ☆124Updated 4 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆92Updated 3 years ago
• olafhartong / PockETWatcher
  a tiny program to consume from ETW providers for research
  ☆53Updated last year
• forensicxlab / VISION-ProcMon
  A ProcessMonitor visualization application written in rust.
  ☆184Updated 2 years ago
• georgesotiriadis / MalwareDev
  ☆86Updated 3 years ago
• ghostpepper108 / Evasion
  ☆107Updated 2 years ago
• Qazeer / FarsightAD
  PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …
  ☆98Updated 3 weeks ago
• floesen / EventLogCrasher
  ☆189Updated 2 years ago
• deepinstinct / NoFilter
  ☆301Updated last year
• mlcsec / FormThief
  Spoofing desktop login applications with WinForms and WPF
  ☆176Updated last year
• JPCERTCC / CobaltStrike-Config
  Repository for archiving Cobalt Strike configuration
  ☆35Updated last week
• ashemery / Anti-Forensics
  A Repository to Track Anti-Forensic Techniques
  ☆118Updated 2 years ago