airbus-cert / Winshark
A Wireshark plugin to instrument ETW (Event Tracing for Windows)
☆559 Updated 3 years ago
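Winshark's data source is ETW, so it helps to see the plumbing underneath it. The PowerShell below is an added example (not code from the Winshark project or airbus-cert) showing the three steps a practitioner does around any ETW consumer: inspect a provider's keywords, run a short trace session with logman, and read the resulting ETL back. The session name `WinsharkDemo`, the output path and the choice of the Kernel-Process provider are assumptions made for the demo; it has to run from an elevated prompt.

```powershell
# Added example: basic ETW plumbing from PowerShell (run elevated).
# Session name, ETL path and provider are assumptions for this demo.
$Session  = 'WinsharkDemo'
$EtlPath  = Join-Path $env:TEMP 'winshark-demo.etl'
$Provider = 'Microsoft-Windows-Kernel-Process'

# 1. Inspect the provider: its GUID and the keywords that gate event groups.
#    These keywords are what a dissector or a trace filter keys on.
$meta = Get-WinEvent -ListProvider $Provider
'{0} {1}' -f $meta.Name, $meta.Id
$meta.Keywords | Select-Object Name, @{ n = 'Value'; e = { '0x{0:X}' -f $_.Value } }

# 2. Start a trace session for that provider, writing to an ETL file.
#    0xffffffffffffffff = match any keyword, 0xff = all levels.
#    -ets talks to the session directly instead of creating a scheduled collector.
logman create trace $Session -p $Provider 0xffffffffffffffff 0xff -o $EtlPath -ets | Out-Null

# Generate a few process-start/stop events for the session to capture.
1..3 | ForEach-Object {
    Start-Process cmd.exe -ArgumentList '/c exit' -WindowStyle Hidden -Wait
}
Start-Sleep -Seconds 2

# 3. Stop the session; logman flushes its buffers into the ETL file.
logman stop $Session -ets | Out-Null

# 4. Read the ETL back. -Oldest is mandatory for .etl input.
#    In this provider, event ID 1 is ProcessStart and ID 2 is ProcessStop.
Get-WinEvent -Path $EtlPath -Oldest |
    Where-Object { $_.Id -in 1, 2 } |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap
```

If a session by that name is already running (for example after an aborted run), `logman query -ets` lists it and `logman stop WinsharkDemo -ets` clears it before retrying. A tool like Winshark sits at step 4: instead of post-processing an ETL, it consumes the events from the session and hands them to Wireshark dissectors generated from the same provider metadata step 1 prints.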
Alternatives and similar repositories for Winshark
Users that are interested in Winshark are comparing it to the libraries listed below
- ☆768 Updated 2 years ago
- View ETW Provider manifest ☆489 Updated 7 months ago
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆797 Updated 4 years ago
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions ☆299 Updated last year
- Event Tracing for Windows (ETW) resources ☆386 Updated 8 months ago
- An index of Windows binaries, including download links for executables such as exe, dll and sys files ☆656 Updated this week
- Live hunting of code injection techniques ☆382 Updated 5 years ago
- Sysmon EDR PoC built in PowerShell to prove ability. ☆224 Updated 4 years ago
- Living Off The Land Drivers ☆1,180 Updated 3 weeks ago
- ☆517 Updated 5 months ago
- Sysmon-like research tool for ETW ☆353 Updated 2 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆750 Updated last year
- Encyclopedia for Executables ☆440 Updated 3 years ago
- The multi-platform memory acquisition tool. ☆797 Updated 6 months ago
- Process Spawn Control is a PowerShell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche… ☆262 Updated 3 years ago
- PE-bear (builds only) ☆779 Updated 2 years ago
- Experiments ☆458 Updated 8 months ago
- Extract and deobfuscate XLM macros (a.k.a. Excel 4.0 macros) ☆579 Updated last year
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… ☆1,140 Updated last year
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. ☆740 Updated 3 years ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs ☆587 Updated last week
- Extract Windows Defender database from vdm files and unpack it ☆440 Updated 5 years ago
- ☆491 Updated last year
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. ☆420 Updated 5 years ago
- Dynamic unpacker based on PE-sieve ☆732 Updated last week
- Pinjectra is a C/C++ OOP-like library that implements process injection techniques (with focus on Windows 10 64-bit) ☆812 Updated 3 years ago
- ☆1,655 Updated 9 months ago
- ☆298 Updated 4 years ago
- ☆428 Updated 2 years ago
- Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into ca… ☆408 Updated 10 months ago