airbus-cert / WinsharkLinks
A wireshark plugin to instrument ETW
☆560Updated 3 years ago
Alternatives and similar repositories for Winshark
Users that are interested in Winshark are comparing it to the libraries listed below
Sorting:
- ☆772Updated 2 years ago
- View ETW Provider manifest☆498Updated 7 months ago
- Event Tracing For Windows (ETW) Resources☆389Updated 8 months ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆801Updated 4 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆755Updated last year
- Sysmon EDR POC Build within Powershell to prove ability.☆225Updated 4 years ago
- ☆519Updated 2 weeks ago
- Encyclopedia for Executables☆445Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆299Updated last year
- Sysmon-Like research tool for ETW☆354Updated 2 years ago
- Live hunting of code injection techniques☆382Updated 5 years ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…☆1,144Updated last year
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆581Updated last year
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.☆421Updated 5 years ago
- ☆299Updated 4 years ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆600Updated this week
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)☆813Updated 3 years ago
- RPC Monitor tool based on Event Tracing for Windows☆357Updated 10 months ago
- ☆473Updated 2 years ago
- Dynamic unpacker based on PE-sieve☆736Updated 3 weeks ago
- Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche…☆263Updated 3 years ago
- Extract Windows Defender database from vdm files and unpack it☆443Updated last week
- Expriments☆463Updated 8 months ago
- Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into ca…☆410Updated 11 months ago
- ☆428Updated 2 years ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆424Updated 4 years ago
- The multi-platform memory acquisition tool.☆802Updated this week
- PoCs and tools for investigation of Windows process execution techniques☆921Updated 2 weeks ago
- PE-bear (builds only)☆779Updated 2 years ago
- A tool to kill antimalware protected processes☆1,452Updated 4 years ago