Alternatives and similar repositories for sysmon-indepth

Users that are interested in sysmon-indepth are comparing it to the libraries listed below

• gavz / s4killer
  ☆18Updated last year
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Updated 2 years ago
• wolfcod / beacondbg
  Beacon Debugger
  ☆54Updated 10 months ago
• yamakadi / ldr
  A work in progress BOF/COFF loader in Rust
  ☆51Updated 2 years ago
• jonny-jhnson / RandomPOCs
  Repo that holds random POCs
  ☆51Updated last year
• florianib / rusty_drivers
  BYOVD collection
  ☆23Updated last year
• nand0san / av_detect
  This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of r…
  ☆49Updated last year
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆101Updated 2 years ago
• aahmad097 / Test004
  Persistence via Shell Extensions
  ☆62Updated 2 years ago
• eladshamir / SharpElevator
  SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe…
  ☆58Updated 3 years ago
• postrequest / donut-rs
  Donut generator in rust.
  ☆28Updated 3 years ago
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆64Updated 2 years ago
• Cobalt-Strike / obfuscator-llvm
  ☆57Updated last year
• dosxuz / PerunsFart
  This is my own implementation of the Perun's Fart technique by Sektor7
  ☆71Updated 3 years ago
• gatariee / ldrgen
  Template-based generation of shellcode loaders
  ☆79Updated last year
• Octoberfest7 / Mutants_Sessions_Self-Deletion
  Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.
  ☆127Updated 3 years ago
• Shrfnt77 / DynamicSyscalls
  DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking)
  ☆66Updated 2 years ago
• ZeroMemoryEx / Overlord
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆83Updated 2 years ago
• oldboy21 / SWAPPALA
  In-memory hiding technique
  ☆57Updated 7 months ago
• timwhitez / AddressOfEntryPoint-injection
  x64 version
  ☆37Updated 3 years ago
• WithSecureLabs / TickTock
  ☆112Updated 2 years ago
• trustedsec / Windows-MS-LSAT-RPC-Example
  Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD
  ☆26Updated last year
• OtterHacker / CoffLoader
  ☆55Updated 2 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• florylsk / NtDump
  Indirect NT syscalls LSASS dumper.
  ☆46Updated 2 years ago
• brett-fitz / pyMalleableProfileParser
  Parses Cobalt Strike malleable C2 profiles.
  ☆58Updated 2 weeks ago
• Allevon412 / PPL_Sandboxer
  ☆82Updated 3 years ago
• b4rth0v5k1 / EarlyBirdNTDLL
  ☆37Updated 2 years ago
• Kudaes / RustHollow
  Inject a shellcode in a remote process using Process Hollowing.
  ☆54Updated 3 years ago
• Ap3x / COFF-Loader
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆54Updated last year