Alternatives and similar repositories for RPCMon:

Users that are interested in RPCMon are comparing it to the libraries listed below

• pathtofile / Sealighter
  Sysmon-Like research tool for ETW
  ☆349Updated 2 years ago
• trailofbits / RpcInvestigator
  Exploring RPC interfaces on Windows
  ☆312Updated 11 months ago
• jsecurity101 / MSRPC-to-ATTACK
  A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
  ☆317Updated last year
• daem0nc0re / AtomicSyscall
  Tools and PoCs for Windows syscall investigation.
  ☆356Updated last week
• daem0nc0re / TangledWinExec
  PoCs and tools for investigation of Windows process execution techniques
  ☆888Updated last month
• xuanxuan0 / TiEtwAgent
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆259Updated 3 years ago
• zeroperil / HookDump
  Security product hook detection
  ☆315Updated 3 years ago
• DamonMohammadbagher / ETWProcessMon2
  ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…
  ☆297Updated 9 months ago
• br-sn / CheekyBlinder
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆551Updated last year
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆356Updated 10 months ago
• zeronetworks / rpcfirewall
  ☆483Updated last month
• rad9800 / TamperingSyscalls
  ☆465Updated 2 years ago
• Cracked5pider / KaynLdr
  KaynLdr is a Reflective Loader written in C/ASM
  ☆527Updated last year
• HackingLZ / ExtractedDefender
  ☆215Updated 2 years ago
• APTortellini / unDefender
  Killing your preferred antimalware by abusing native symbolic links and NT paths.
  ☆353Updated 2 years ago
• deepinstinct / Dirty-Vanity
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆627Updated 2 years ago
• commial / experiments
  Expriments
  ☆455Updated 3 months ago
• thefLink / Hunt-Sleeping-Beacons
  Aims to identify sleeping beacons
  ☆525Updated last month
• nettitude / RunPE
  C# Reflective loader for unmanaged binaries.
  ☆423Updated last year
• mgeeky / UnhookMe
  UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
  ☆344Updated 2 years ago
• RedSection / OffensivePH
  OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
  ☆330Updated 3 years ago
• daem0nc0re / VectorKernel
  PoCs for Kernelmode rootkit techniques research.
  ☆345Updated this week
• gabriellandau / PPLFault
  ☆517Updated 10 months ago
• subat0mik / whoamsi
  An effort to track security vendors' use of Microsoft's Antimalware Scan Interface
  ☆236Updated 2 years ago
• deepinstinct / Lsass-Shtinkering
  ☆379Updated last year
• antonioCoco / MalSeclogon
  A little tool to play with the Seclogon service
  ☆308Updated 2 years ago
• NUL0x4C / KnownDllUnhook
  Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
  ☆289Updated 2 years ago
• codewhitesec / HandleKatz
  PIC lsass dumper using cloned handles
  ☆578Updated 2 years ago
• trustedsec / COFFLoader
  ☆489Updated 2 months ago
• nccgroup / DetectWindowsCopyOnWriteForAPI
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆185Updated 3 years ago