Understanding the operation and limitations of Sysmon's events
☆23, Sep 15, 2022, updated 3 years ago
Alternatives and similar repositories for sysmon-indepth
Users interested in sysmon-indepth are comparing it to the repositories listed below.
- Incident Response automation scripts (☆16, Sep 5, 2025, updated 6 months ago)
- A console tool for inspecting Windows Ancillary Function Driver sockets (☆21, May 15, 2025, updated 9 months ago)
- What makes it page (☆17, Aug 24, 2022, updated 3 years ago)
- Browser data-wiping script: checks whether the browser has stored passwords for specific URLs and then clears that data; mainly intended for blue teams in attack/defense exercises, to stop phishing from harvesting browser-saved passwords (☆18, Jul 8, 2024, updated last year)
- VCL-based UI components for system tools that use NtUtilsLibrary (☆21, updated this week)
- A minimalistic logger for Windows kernel drivers (☆25, Mar 8, 2024, updated last year)
- The Definitive Guide To Process Cloning on Windows (☆543, Jan 3, 2024, updated 2 years ago)
- An information-gathering tool for WeChat Mini Program source packages, adapted from an existing project (☆24, Feb 11, 2025, updated last year)
- ScrapeAW is a framework that scrapes IPs across the world via Shodan without using the API (☆11, May 16, 2024, updated last year)
- A Java-based code string search tool to assist rapid code auditing: filters for dangerous method names to find possible vulnerabilities in code (☆37, Oct 10, 2025, updated 4 months ago)
- (untitled) (☆29, Nov 22, 2023, updated 2 years ago)
- My BloodHound custom queries (☆26, Jan 10, 2023, updated 3 years ago)
- Old home of LimaCharlie, open source EDR (☆32, Sep 4, 2023, updated 2 years ago)
- Repository for archiving Cobalt Strike configuration (☆36, Feb 26, 2026, updated last week)
- Sysmon shenanigans (☆66, Oct 9, 2020, updated 5 years ago)
- (untitled) (☆71, Feb 6, 2025, updated last year)
- (untitled) (☆29, Sep 18, 2015, updated 10 years ago)
- Python wrappers for mal_unpack (☆37, Sep 19, 2023, updated 2 years ago)
- Windows Sandbox Framework (☆40, Dec 31, 2021, updated 4 years ago)
- Static library and headers for linking your software with ntdll.dll (☆37, Dec 16, 2019, updated 6 years ago)
- Tools and technical write-ups describing attack techniques that rely on concealing code execution on Windows (☆223, Aug 12, 2022, updated 3 years ago)
- RDPThief donut shellcode injected into mstsc (☆88, May 24, 2021, updated 4 years ago)
- Repository with selected IOCs and YARA rules for threat hunting (☆35, May 21, 2025, updated 9 months ago)
- Windows x64 process scanner to detect application compatibility shims (☆37, Oct 17, 2018, updated 7 years ago)
- Bypasses AMSI by patching a JE instruction to JNE in the assembly of amsi.dll (☆37, Mar 10, 2023, updated 2 years ago)
- A simple way to spoof return addresses using an exception handler (☆43, Aug 3, 2022, updated 3 years ago)
- String/file/shellcode encryptor using AES/XOR (☆11, Oct 15, 2023, updated 2 years ago)
- Script to sync Google Forms to Fusion Tables, updated from Google's version (☆10, Dec 17, 2014, updated 11 years ago)
- (untitled) (☆12, Jun 22, 2021, updated 4 years ago)
- Impacket is a collection of Python classes for working with network protocols (☆11, Jul 5, 2023, updated 2 years ago)
- Media extruding on node.js (☆21, Oct 31, 2011, updated 14 years ago)
- Completely strips digital signatures from executables (.exe, .dll, .sys, .drv...) and fixes issues preventing re-signing (☆16, Oct 19, 2025, updated 4 months ago)
- (untitled) (☆12, May 30, 2019, updated 6 years ago)
- Ransomware dataset containing the dynamic behaviour of more than 60 distinct ransomware families (☆10, Aug 29, 2022, updated 3 years ago)
- Perform file-based malware scans on your on-prem servers with AWS (☆14, Oct 31, 2023, updated 2 years ago)
- JustGetDA, a cheat sheet to aid you through internal network and red team engagements (☆13, Jul 24, 2023, updated 2 years ago)
- Source code for TMS WEB Core 2nd Edition (☆12, Apr 16, 2024, updated last year)
- Cuckoo Sandbox report parser into a ransomware classifier (☆11, Feb 14, 2019, updated 7 years ago)
- This training covers the very basic steps of malware analysis, using several free tools to recognize malware behavior. Si… (☆12, May 25, 2016, updated 9 years ago)