huntandhackett / sysmon-indepth
Understanding the operation and limitations of Sysmon's events
☆13Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for sysmon-indepth
- A COFF Loader written in Rust☆26Updated last week
- ☆24Updated 11 months ago
- Small tool to play with IOCs caused by Imageload events☆37Updated last year
- A rust based DLL injection project☆30Updated 2 years ago
- Donut generator in rust.☆23Updated 2 years ago
- A work in progress BOF/COFF loader in Rust☆45Updated last year
- MiniDump a process in memory with rust☆35Updated 3 years ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆12Updated 10 months ago
- really ?☆12Updated 8 months ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆26Updated 2 years ago
- Load a dynamic library from memory using a fuse mount☆28Updated last year
- Disable PPL via custom driver and dump lsass☆13Updated 3 years ago
- An example of COM hijacking using a proxy DLL.☆24Updated 3 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆24Updated last year
- API Hammering with C++20☆34Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆30Updated 2 years ago
- ☆21Updated 6 months ago
- CSharp Writeups for HackSys Extreme Vulnerable Driver☆43Updated 2 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆33Updated 4 years ago
- Extract data of TTD trace file to a minidump☆28Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds☆38Updated 6 months ago
- ☆25Updated 3 weeks ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆27Updated 3 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- A PoC packer written in Rust!☆64Updated 2 years ago