huntandhackett / sysmon-indepth
Understanding the operation and limitations of Sysmon's events
☆13Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for sysmon-indepth
- A COFF Loader written in Rust☆26Updated 3 weeks ago
- example using NtCreateUserProcess in rust☆15Updated last week
- An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.☆15Updated 5 months ago
- A rust based DLL injection project☆30Updated 2 years ago
- ☆24Updated last year
- Small tool to play with IOCs caused by Imageload events☆37Updated last year
- Donut generator in rust.☆23Updated 2 years ago
- MiniDump a process in memory with rust☆35Updated 3 years ago
- rekk is set of tools written in Rust to obfuscate ELF & PE executables with nanomites.☆28Updated last year
- Load a dynamic library from memory using a fuse mount☆29Updated last year
- Reflective DLL self-loading as a library☆19Updated last year
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- A work in progress BOF/COFF loader in Rust☆45Updated last year
- Disable PPL via custom driver and dump lsass☆13Updated 3 years ago
- really ?☆12Updated 8 months ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆12Updated 10 months ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆24Updated 10 months ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆26Updated 2 years ago
- CSharp Writeups for HackSys Extreme Vulnerable Driver☆43Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Extract data of TTD trace file to a minidump☆28Updated last year
- ☆22Updated last year
- ☆24Updated 3 years ago
- In-memory hiding technique☆42Updated 5 months ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆53Updated 2 years ago
- Playing with PE's and Building Structures by Hand☆22Updated 2 years ago
- ☆12Updated last year
- Windows PDB Parser using Imagehlp library.☆16Updated 2 years ago