airbus-cert / Winshark
A wireshark plugin to instrument ETW
☆ 562 · Updated 3 years ago
Alternatives and similar repositories for Winshark
Users that are interested in Winshark are comparing it to the libraries listed below
- Encyclopedia for Executables (☆ 448, updated 3 years ago)
- Extract and deobfuscate XLM macros (a.k.a. Excel 4.0 macros) (☆ 583, updated last year)
- Event Tracing for Windows (ETW) resources (☆ 393, updated 10 months ago)
- View ETW provider manifests (☆ 524, updated 9 months ago)
- Sysmon-like EDR proof of concept built in PowerShell to demonstrate feasibility (☆ 226, updated 4 years ago)
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions (☆ 304, updated last year)
- Process Spawn Control is a PowerShell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche… (☆ 263, updated 3 years ago)
- The multi-platform memory acquisition tool (☆ 818, updated last month)
- Enumerate and disable common sources of telemetry used by AV/EDR (☆ 805, updated 4 years ago)
- Live hunting of code injection techniques (☆ 383, updated 5 years ago)
- PowerShell script for deobfuscating encoded PowerShell scripts (☆ 425, updated 4 years ago)
- $MFT directory tree reconstruction and FILE record info (☆ 307, updated 10 months ago)
- Standard collection of rules for capa, the tool for enumerating the capabilities of programs (☆ 613, updated 3 weeks ago)
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆ 764, updated last year)
- Sysmon-like research tool for ETW (☆ 358, updated 2 years ago)
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware (☆ 421, updated 5 years ago)
- An AFF4 C++ implementation (☆ 206, updated 2 years ago)
- Experiments (☆ 465, updated 10 months ago)
- A forensics tool to convert the data in the Windows SRUM (System Resource Usage Monitor) database to an xlsx spreadsheet (☆ 706, updated 2 months ago)
- Command-line low-level file extractor for NTFS (☆ 296, updated 6 years ago)
- Prefetch Explorer Command Line (☆ 261, updated 6 months ago)
- Windows Registry Knowledge Base (☆ 177, updated 10 months ago)
- Collection of malware persistence and hunting information. Be a persistent persistence hunter! (☆ 181, updated last month)
- Regipy is an OS-independent Python library for parsing offline registry hives (☆ 259, updated last month)
- C#-based evtx parser with lots of extras (☆ 317, updated last month)
- Dynamic unpacker based on PE-sieve (☆ 746, updated 2 months ago)