A ProcessMonitor visualization application written in rust.
☆184Aug 6, 2023Updated 2 years ago
Alternatives and similar repositories for VISION-ProcMon
Users that are interested in VISION-ProcMon are comparing it to the libraries listed below
Sorting:
- A centralized and enhanced memory analysis platform☆520Jul 13, 2025Updated 7 months ago
- A small tool to unmap PE memory dumps.☆11Nov 9, 2023Updated 2 years ago
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.☆56Jun 30, 2021Updated 4 years ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆696Oct 22, 2025Updated 4 months ago
- ☆31Dec 1, 2022Updated 3 years ago
- MacroExploit use in excel sheet☆20Jun 12, 2023Updated 2 years ago
- Detect Beacon Powerful (Include CobatStrike 4.10 Aha~)☆21Oct 18, 2024Updated last year
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)☆779Feb 3, 2023Updated 3 years ago
- ☆25Jul 23, 2024Updated last year
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆56Jul 2, 2023Updated 2 years ago
- A Repository to Track Anti-Forensic Techniques☆118Mar 8, 2023Updated 2 years ago
- C# Utilities for Windows Notification Facility☆159Apr 14, 2025Updated 10 months ago
- Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…☆237Sep 3, 2023Updated 2 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,037Updated this week
- Royal Road RTF Weaponizer object decoder☆24Sep 26, 2024Updated last year
- Load any Beacon Object File using Powershell!☆260Dec 9, 2021Updated 4 years ago
- Create a cool process tree like https://twitter.com/ACEResponder.☆35Mar 1, 2023Updated 3 years ago
- A collection of art inspired by the world of cybersecurity and hacking culture.☆42May 14, 2025Updated 9 months ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆52Jun 14, 2021Updated 4 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆20Jul 1, 2023Updated 2 years ago
- Malkom is an extensible and simple similarity graph generator for malware analysis aimed at helping analysts visualize and cluster sets o…☆17Apr 6, 2023Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆125Jul 12, 2024Updated last year
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- ☆94May 14, 2022Updated 3 years ago
- Analyse your malware to surgically obfuscate it☆519Dec 17, 2025Updated 2 months ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.☆322Sep 23, 2022Updated 3 years ago
- A standalone DLL that exports databases in cleartext once injected in the KeePass process.☆301Mar 1, 2023Updated 3 years ago
- ☆25Jan 8, 2024Updated 2 years ago
- High Octane Triage Analysis☆820Updated this week
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,562Oct 31, 2025Updated 4 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆306Aug 2, 2023Updated 2 years ago
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,452Feb 14, 2026Updated 2 weeks ago
- A wireshark plugin to instrument ETW☆580Jan 28, 2022Updated 4 years ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und…☆127Apr 6, 2024Updated last year
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM☆163Dec 24, 2022Updated 3 years ago
- This map lists the essential techniques to bypass anti-virus and EDR☆3,161Mar 28, 2025Updated 11 months ago
- Finds imports that could be exploited, still requires manual analysis.☆29Nov 9, 2022Updated 3 years ago