Alternatives and similar repositories for sysmon-indepth

Users that are interested in sysmon-indepth are comparing it to the libraries listed below

• codewhitesec / SysmonEnte
  ☆78Updated 3 years ago
• Kudaes / CustomEntryPoint
  Select any exported function in a dll as the new dll's entry point.
  ☆82Updated last year
• joe-desimone / patriot
  ☆153Updated 3 years ago
• gatariee / ldrgen
  Template-based generation of shellcode loaders
  ☆80Updated last year
• 3gstudent / ntfsDump
  Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
  ☆119Updated 4 years ago
• tijme / amd-ryzen-master-driver-v17-exploit
  Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).
  ☆154Updated 3 years ago
• Kudaes / Bin-Finder
  Detect EDR's exceptions by inspecting processes' loaded modules
  ☆130Updated last year
• Maldev-Academy / PrefetchFileParser
  A lightweight Windows Prefetch file parser to extract programs' execution history
  ☆62Updated 3 weeks ago
• CymulateResearch / Blindside
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆134Updated 3 years ago
• WithSecureLabs / TickTock
  ☆113Updated 3 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆44Updated 2 years ago
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Updated 2 years ago
• gavz / s4killer
  ☆20Updated 2 years ago
• SafeBreach-Labs / MagicDot
  A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue
  ☆107Updated last year
• NUL0x4C / DeleteShadowCopies
  Deleting Shadow Copies In Pure C++
  ☆118Updated 3 years ago
• aancw / DllProxy-rs
  Rust Implementation of SharpDllProxy for DLL Proxying Technique
  ☆29Updated 3 years ago
• NUL0x4C / EtwSessionHijacking
  A Poc on blocking Procmon from monitoring network events
  ☆111Updated 6 months ago
• jonny-jhnson / RandomPOCs
  Repo that holds random POCs
  ☆52Updated 2 years ago
• nccgroup / DetectWindowsCopyOnWriteForAPI
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆202Updated 4 years ago
• SafeBreach-Labs / CortexVortex
  ☆80Updated last year
• oldboy21 / SWAPPALA
  In-memory hiding technique
  ☆63Updated last year
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆136Updated 3 years ago
• susMdT / effective-waffle
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69Updated 2 years ago
• dosxuz / PerunsFart
  This is my own implementation of the Perun's Fart technique by Sektor7
  ☆72Updated 3 years ago
• Immersive-Labs-Sec / BruteRatel-DetectionTools
  A collection of Tools and Rules for decoding Brute Ratel C4 badgers
  ☆66Updated 3 years ago
• yamakadi / ldr
  A work in progress BOF/COFF loader in Rust
  ☆50Updated 2 years ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆36Updated 3 years ago
• thiagopeixoto / massayo
  Massayo is a small proof-of-concept Rust library which removes AV/EDR hooks in a given system DLL
  ☆64Updated 3 years ago
• ZeroMemoryEx / Overlord
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆83Updated 2 years ago
• benheise / TitanLdr
  Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
  ☆70Updated 4 years ago