This is a repository that is meant to hold detections for various process injection techniques.
☆34 · Mar 3, 2020 · Updated 6 years ago
Alternatives and similar repositories for Detecting-Process-Injection-Techniques
Users that are interested in Detecting-Process-Injection-Techniques are comparing it to the repositories listed below.
- ☆15 · Dec 16, 2020 · Updated 5 years ago
- A repository that maps API calls to Sysmon Event IDs. ☆121 · Nov 14, 2022 · Updated 3 years ago
- ☆13 · Feb 25, 2021 · Updated 5 years ago
- Sentinel Guard: used to build up a honeypot and honeynet with zero cost, easily and simply. ☆18 · Jul 25, 2021 · Updated 4 years ago
- Compilation of resources to help with an adversary simulation automation harness. ☆100 · Aug 7, 2020 · Updated 5 years ago
- ☆48 · Mar 19, 2020 · Updated 6 years ago
- Watches the Downloads folder for any new files and inserts them into Nemesis for analysis. ☆15 · Feb 29, 2024 · Updated 2 years ago
- Read Windows message table entries. ☆11 · Feb 5, 2023 · Updated 3 years ago
- OSSEM Common Data Model. ☆56 · Sep 20, 2022 · Updated 3 years ago
- Crystal Anti-Exploit Protection 2012. ☆37 · May 31, 2020 · Updated 5 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and the ccSubSDK database. ☆65 · Dec 21, 2022 · Updated 3 years ago
- A PowerShell script to prevent Sysmon from writing its events. ☆17 · Apr 23, 2020 · Updated 5 years ago
- API Hammering with C++20. ☆51 · Jul 21, 2022 · Updated 3 years ago
- Links to malware-related YARA rules. ☆15 · Sep 29, 2022 · Updated 3 years ago
- Simple PoC to locate functions hooked by EDR in ntdll.dll. ☆46 · Jul 16, 2023 · Updated 2 years ago
- A Splunk Technology Add-on to forward filtered ETW events. ☆30 · Oct 14, 2020 · Updated 5 years ago
- An example code of CiGetCertPublisherName. ☆16 · Mar 24, 2022 · Updated 4 years ago
- Proof of Concept of a TrustZone exploit. ☆16 · Aug 10, 2025 · Updated 7 months ago
- Epimitheus is a tool that uses the Neo4j graph database for Windows Events visualization. ☆19 · Mar 13, 2022 · Updated 4 years ago
- ☆14 · Jun 21, 2020 · Updated 5 years ago
- Vectored Exception Handling Squared. ☆31 · Dec 27, 2025 · Updated 2 months ago
- Modifies machine.config for persistence after installing a signed .NET assembly into the GAC. ☆13 · Mar 17, 2022 · Updated 4 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data. ☆39 · Mar 23, 2020 · Updated 6 years ago
- Simple EDR that injects a DLL into a process to place a hook on specific Windows APIs. ☆97 · Aug 27, 2023 · Updated 2 years ago
- Released presentations of my talks, plus the code that was used during these talks. ☆15 · Sep 5, 2024 · Updated last year
- PowerShell / C#-based cross-platform forensic framework for live incident response. ☆23 · Jul 5, 2020 · Updated 5 years ago
- ☆24 · Mar 19, 2020 · Updated 6 years ago
- ☆18 · Mar 28, 2023 · Updated 2 years ago
- ☆24 · Apr 22, 2025 · Updated 11 months ago
- ☆43 · Jul 6, 2022 · Updated 3 years ago
- Documentation and supporting script sample for Windows Exploit Guard. ☆169 · Sep 8, 2025 · Updated 6 months ago
- Small tool to play with IOCs caused by ImageLoad events. ☆44 · May 14, 2023 · Updated 2 years ago
- Dump of organized knowledge on DFIR. ☆138 · Oct 4, 2021 · Updated 4 years ago
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients. ☆73 · Aug 20, 2025 · Updated 7 months ago
- SysmonX: an augmented drop-in replacement of Sysmon. ☆216 · Sep 17, 2019 · Updated 6 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider. ☆198 · Dec 6, 2022 · Updated 3 years ago
- Generic and transparent TLS inspection for local programs. ☆25 · Oct 24, 2024 · Updated last year
- Repository containing malware analysis filters for the Windows Sysinternals Process Monitor tool. ☆20 · Oct 2, 2020 · Updated 5 years ago
- WISKESS automates Windows evidence processing for incident response investigations. Rust version. ☆16 · Oct 16, 2025 · Updated 5 months ago