Windows notifier tool that detects suspicious connections by monitoring ETW event logs
☆124 · Dec 8, 2022 · updated 3 years ago
Alternatives and similar repositories for ETWMonitor
Users that are interested in ETWMonitor are comparing it to the libraries listed below
- VULNSPY regularly retrieves the latest alerts published by the CERT-FR and the related vulnerabilities with their CVSS score and allows y… (☆38 · Nov 3, 2022 · updated 3 years ago)
- A launcher to load a DLL with XORed Cobalt Strike shellcode executed in memory through the process hollowing technique (☆27 · Nov 11, 2022 · updated 3 years ago)
- ☆118 · Aug 7, 2022 · updated 3 years ago
- Python script for extracting and decrypting Group Policy Preferences passwords (☆26 · May 28, 2021 · updated 4 years ago)
- WCRT CMake build (☆11 · Mar 26, 2014 · updated 11 years ago)
- Enumerate various traits from Windows processes as an aid to threat hunting (☆202 · Jan 13, 2022 · updated 4 years ago)
- Searching .evtx logs for remote connections (☆24 · Jul 6, 2023 · updated 2 years ago)
- Deleting Shadow Copies in pure C++ (☆118 · Oct 31, 2022 · updated 3 years ago)
- Small tool to play with IOCs caused by ImageLoad events (☆44 · May 14, 2023 · updated 2 years ago)
- A PoC for blocking Procmon from monitoring network events (☆111 · Aug 7, 2025 · updated 7 months ago)
- RemClip is a C# project that steals user clipboard data and sends it to a remote web server under attacker control (☆15 · Sep 2, 2024 · updated last year)
- RPC Monitor based on the ETW Microsoft-Windows-Rpc provider (☆24 · Mar 22, 2020 · updated 5 years ago)
- Ludus roles to deploy ASR rules and MDI auditing settings (☆24 · Aug 5, 2025 · updated 7 months ago)
- WTSRM (☆216 · Aug 7, 2022 · updated 3 years ago)
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti… (☆320 · Mar 20, 2024 · updated 2 years ago)
- Hekatomb is a Python script that connects to an LDAP directory to retrieve all computer and user information. Then it will download all D… (☆527 · Jul 31, 2024 · updated last year)
- ☆164 · Dec 30, 2022 · updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! (☆250 · Jul 9, 2024 · updated last year)
- Tools and PoCs for Windows syscall investigation (☆367 · Dec 2, 2025 · updated 3 months ago)
- Bypass detection by randomising ROR13 API hashes (☆141 · Feb 24, 2022 · updated 4 years ago)
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques (☆501 · Jan 10, 2023 · updated 3 years ago)
- Retrieve and display information about active user sessions on remote computers. No admin privileges required. (☆207 · Aug 12, 2024 · updated last year)
- apkfram was written to help mobile penetration testers identify the framework used to develop an Android application (☆12 · Oct 9, 2024 · updated last year)
- A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80 (☆21 · Apr 2, 2025 · updated 11 months ago)
- Example of async client/server sockets in .NET 5 (☆17 · Jun 9, 2021 · updated 4 years ago)
- Six cases demonstrating methods of optimizing GetProcAddress (☆19 · Jan 3, 2022 · updated 4 years ago)
- List the ETW provider(s) in the registration table of a process (☆80 · Sep 20, 2023 · updated 2 years ago)
- AppContainer tools for launching sandboxed Win32 apps, changing ACL permissions and learning from ETW traces (☆32 · May 4, 2025 · updated 10 months ago)
- A simple WPF interface for Active Directory user password reset (☆56 · Jun 11, 2024 · updated last year)
- A fake AMSI provider which can be used for persistence (☆156 · May 16, 2021 · updated 4 years ago)
- This Aggressor script uses a beacon's note field to indicate the health status of a beacon (☆141 · Sep 29, 2021 · updated 4 years ago)
- Beacon Object File loader (☆293 · Dec 3, 2023 · updated 2 years ago)
- Weaponizing privileged directory creation bugs to get NT AUTHORITY\SYSTEM via Windows Error Reporting (☆363 · Dec 19, 2022 · updated 3 years ago)
- ☆121 · Dec 23, 2022 · updated 3 years ago
- Cmdlets for capturing Windows events (☆14 · Mar 11, 2022 · updated 4 years ago)
- Some stuff for PHD2021 (☆14 · May 21, 2025 · updated 10 months ago)
- UAC bypass for x64 Windows 7 - 11 (☆833 · Feb 2, 2026 · updated last month)
- Asynchronous RDP/VNC client for Python (GUI) (☆78 · Jan 1, 2025 · updated last year)
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC (☆374 · May 24, 2022 · updated 3 years ago)
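ETWMonitor, as described at the top of the page, notifies on suspicious connections found in ETW network events. The page does not show how that decision is made, so the block below is an added example of the kind of rule logic such a notifier runs, written for this page and not taken from ETWMonitor or any repository listed above. It assumes a collector has already consumed the ETW TCP connect events and produced records carrying the provider's field names (PID, saddr, sport, daddr, dport) plus an image name resolved from the PID; the events themselves are constructed sample data, and the process allowlists and port lists are hypothetical policy you would replace with a baseline from your own hosts.

```python
"""Rule logic for flagging suspicious TCP connects from ETW-style events.

Added example, not ETWMonitor's code. Assumes a collector has already
turned ETW TCP connect events into dicts with the Kernel-Network field
names (PID, saddr, sport, daddr, dport) and resolved the PID to an
image name. Nothing here talks to ETW; it is offline detection logic.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"PID": 4120, "image": "chrome.exe",     "saddr": "10.0.0.5", "sport": 51122, "daddr": "142.250.74.78", "dport": 443},
    {"PID": 3390, "image": "explorer.exe",   "saddr": "10.0.0.5", "sport": 51123, "daddr": "10.0.0.10",     "dport": 445},
    {"PID": 6644, "image": "powershell.exe", "saddr": "10.0.0.5", "sport": 51124, "daddr": "203.0.113.7",   "dport": 4444},
    {"PID": 7001, "image": "winword.exe",    "saddr": "10.0.0.5", "sport": 51125, "daddr": "203.0.113.7",   "dport": 8080},
    {"PID": 6644, "image": "powershell.exe", "saddr": "10.0.0.5", "sport": 51126, "daddr": "203.0.113.7",   "dport": 4444},
]

# Hypothetical policy: outbound ports each image is expected to use.
EXPECTED_OUTBOUND = {
    "chrome.exe": {80, 443},
    "msedge.exe": {80, 443},
}
# Script hosts and LOLBins that rarely need to originate external connections.
LOLBIN_IMAGES = {"powershell.exe", "cmd.exe", "mshta.exe", "rundll32.exe",
                 "regsvr32.exe", "wscript.exe", "cscript.exe"}
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Ports that popular C2 frameworks use by default (assumption, tune it).
C2_DEFAULT_PORTS = {4444, 1337, 31337}

# Only RFC 1918, loopback and link-local count as "internal". Note that
# ipaddress.is_private also covers documentation/benchmark ranges, which
# is not what a network-based detection wants, hence the explicit list.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


def is_external(addr: str) -> bool:
    """True when the destination is outside the internal ranges above."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def classify(ev: dict) -> list:
    """Return the names of every rule the event trips (empty means benign)."""
    hits = []
    image = ev["image"].lower()
    dport = ev["dport"]
    external = is_external(ev["daddr"])
    if image in LOLBIN_IMAGES and external:
        hits.append("lolbin-external-connect")
    if image in OFFICE_IMAGES and external and dport not in {80, 443}:
        hits.append("office-unusual-port")
    if image in EXPECTED_OUTBOUND and dport not in EXPECTED_OUTBOUND[image]:
        hits.append("unexpected-port-for-image")
    if external and dport in C2_DEFAULT_PORTS:
        hits.append("known-c2-default-port")
    return hits


def detect(events):
    """Run the rules over an event stream.

    Returns (alerts, counts): one alert per distinct (image, daddr, dport)
    tuple so a beacon reconnecting every few seconds does not flood the
    notifier, plus a Counter of how often each flagged tuple was seen.
    """
    alerts = []
    counts = Counter()
    for ev in events:
        rules = classify(ev)
        if not rules:
            continue
        key = (ev["image"].lower(), ev["daddr"], ev["dport"])
        counts[key] += 1
        if counts[key] == 1:
            alerts.append({
                "pid": ev["PID"],
                "image": ev["image"],
                "dest": f"{ev['daddr']}:{ev['dport']}",
                "rules": rules,
            })
    return alerts, counts


if __name__ == "__main__":
    found, seen = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"[!] {a['image']} (PID {a['pid']}) -> {a['dest']}: {', '.join(a['rules'])}")
    for key, n in seen.items():
        if n > 1:
            print(f"    {key[0]} -> {key[1]}:{key[2]} repeated {n} times")
```

On the sample data the first two events are benign, the PowerShell connect to 203.0.113.7:4444 trips two rules and is reported once even though it appears twice, and the Word connect on port 8080 trips the office rule. The dedupe-by-tuple step is the part that matters for a notifier: without it, a beacon with a short sleep turns a single finding into a toast every few seconds.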