huntandhackett / sysmon-indepthLinks
Understanding the operation and limitations of Sysmon's events
☆19Updated 2 years ago
Alternatives and similar repositories for sysmon-indepth
Users that are interested in sysmon-indepth are comparing it to the libraries listed below
Sorting:
- ☆18Updated last year
- A work in progress BOF/COFF loader in Rust☆50Updated 2 years ago
- BYOVD collection☆23Updated last year
- Donut generator in rust.☆27Updated 3 years ago
- ☆17Updated 10 months ago
- Beacon Debugger☆40Updated 7 months ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆54Updated 2 years ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆44Updated this week
- Indirect NT syscalls LSASS dumper.☆45Updated last year
- In-memory hiding technique☆54Updated 5 months ago
- Repo that holds random POCs☆51Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆64Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- ☆100Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆71Updated 2 months ago
- ☆36Updated 2 years ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆64Updated last month
- Linker for Beacon Object Files☆116Updated this week
- early cascade injection PoC based on Outflanks blog post, in rust☆59Updated 7 months ago
- ☆43Updated last year
- Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library☆31Updated 2 years ago
- Persistence via Shell Extensions☆61Updated last year
- ☆40Updated 2 years ago
- Artemis - C++ Hell's Gate Syscall Implementation☆33Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆60Updated last year
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆15Updated 2 years ago
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆57Updated 3 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆36Updated last year
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago