Alternatives and similar repositories for sysmon-indepth

Users that are interested in sysmon-indepth are comparing it to the libraries listed below

• codewhitesec / SysmonEnte
  ☆78Updated 3 years ago
• Kudaes / CustomEntryPoint
  Select any exported function in a dll as the new dll's entry point.
  ☆82Updated last year
• Maldev-Academy / PrefetchFileParser
  A lightweight Windows Prefetch file parser to extract programs' execution history
  ☆49Updated 3 weeks ago
• gavz / s4killer
  ☆20Updated 2 years ago
• yamakadi / ldr
  A work in progress BOF/COFF loader in Rust
  ☆50Updated 2 years ago
• jonny-jhnson / RandomPOCs
  Repo that holds random POCs
  ☆52Updated 2 years ago
• NUL0x4C / DeleteShadowCopies
  Deleting Shadow Copies In Pure C++
  ☆118Updated 3 years ago
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆76Updated 2 years ago
• gatariee / ldrgen
  Template-based generation of shellcode loaders
  ☆80Updated last year
• joe-desimone / patriot
  ☆153Updated 3 years ago
• CymulateResearch / Blindside
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆133Updated 3 years ago
• NUL0x4C / EtwSessionHijacking
  A Poc on blocking Procmon from monitoring network events
  ☆111Updated 5 months ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆44Updated 2 years ago
• Kudaes / Bin-Finder
  Detect EDR's exceptions by inspecting processes' loaded modules
  ☆130Updated last year
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆81Updated 4 years ago
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Updated 2 years ago
• susMdT / effective-waffle
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69Updated 2 years ago
• preludeorg / ThreatIntelligenceConsumer
  Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…
  ☆60Updated 2 weeks ago
• jonny-jhnson / LDAPMon
  ☆46Updated 2 years ago
• scrt / avdebugger
  ☆101Updated 3 years ago
• elastic / PPLGuard
  ☆70Updated last year
• WithSecureLabs / TickTock
  ☆113Updated 3 years ago
• dosxuz / PerunsFart
  This is my own implementation of the Perun's Fart technique by Sektor7
  ☆72Updated 3 years ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆65Updated 2 years ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆36Updated 3 years ago
• florianib / rusty_drivers
  BYOVD collection
  ☆24Updated last year
• ZeroMemoryEx / Overlord
  abusing Process Hacker driver to terminate other processes (BYOVD)
  ☆83Updated 2 years ago
• 3gstudent / ntfsDump
  Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
  ☆119Updated 4 years ago
• aancw / DllProxy-rs
  Rust Implementation of SharpDllProxy for DLL Proxying Technique
  ☆29Updated 3 years ago
• postrequest / donut-rs
  Donut generator in rust.
  ☆28Updated 3 years ago