Alternatives and similar repositories for endpoint-package

Users that are interested in endpoint-package are comparing it to the libraries listed below

• elastic / security-docs
  Elastic Security Documentation
  ☆86Updated last week
• elastic / endpoint
  ☆38Updated 3 months ago
• pathtofile / SealighterTI
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆176Updated 2 years ago
• thefLink / Hunt-Weird-Syscalls
  ETW based POC to identify direct and indirect syscalls
  ☆187Updated 2 years ago
• MSAdministrator / goattck
  A Golang CLI for the MITRE ATT&CK Framework
  ☆13Updated 2 months ago
• elastic / elastic-agent
  Elastic Agent - single, unified way to add monitoring for logs, metrics, and other types of data to a host.
  ☆186Updated this week
• raykaryshyn / FakeTLS
  Client/server code that impersonates TLS 1.3 to disguise C2 activity.
  ☆70Updated 2 years ago
• elastic / elastic-package
  elastic-package - Command line tool for developing Elastic Integrations
  ☆62Updated this week
• pathtofile / commandline_cloaking
  A collection of projects demonstrating various commandline cloaking techniques on Linux
  ☆58Updated 2 years ago
• fkie-cad / yapscan
  Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.
  ☆61Updated last year
• codewhitesec / SysmonEnte
  ☆74Updated 2 years ago
• matterpreter / FindETWProviderImage
  Quickly search for references to a GUID in DLLs, EXEs, and drivers
  ☆74Updated 3 years ago
• 0xThiebaut / Signatures
  🚧 Currently transfering TLP:CLEAR rules from TLP:AMBER repository...
  ☆21Updated last year
• zeronetworks / ldapfw
  Protect your Domain Controllers by auditing and restricting LDAP requests
  ☆172Updated last month
• xuanxuan0 / TiEtwAgent
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆280Updated 4 years ago
• RedTeamOperations / VEH-PoC
  ☆114Updated 2 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆259Updated 2 years ago
• moloch-- / sliver-py
  A Python gRPC Client Library for Sliver
  ☆70Updated 3 months ago
• elastic / elastic-integration-corpus-generator-tool
  Command line tool used for generating events corpus dynamically given a specific integration
  ☆23Updated 5 months ago
• DGRonpa / Process_Injection
  ☆28Updated 3 years ago
• swimlane / pyattck-data
  This repository contains generated contextual data utilized by pyattck.
  ☆19Updated 4 months ago
• fox-it / dissect.cobaltstrike
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆171Updated 3 weeks ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆89Updated 2 years ago
• oldboy21 / SyscallMeMaybe
  Implementation of Indirect Syscall technique to pop a calc.exe
  ☆102Updated last year
• google / mandiant-ti-client
  ☆16Updated last year
• OTRF / OSSEM-DD
  OSSEM Data Dictionaries
  ☆61Updated 5 months ago
• D4stiny / ForkPlayground
  An implementation and proof-of-concept of Process Forking.
  ☆226Updated 3 years ago
• jonny-jhnson / LDAPMon
  ☆45Updated last year
• mez-0 / winrmdll
  C++ WinRM API via Reflective DLL
  ☆145Updated 3 years ago
• daem0nc0re / SharpWnfSuite
  C# Utilities for Windows Notification Facility
  ☆152Updated 3 months ago