This is a repository that is meant to hold detections for various process injection techniques.
☆34 · Mar 3, 2020 · Updated 6 years ago
Alternatives and similar repositories for Detecting-Process-Injection-Techniques
Users that are interested in Detecting-Process-Injection-Techniques are comparing it to the libraries listed below
- ☆15 · Dec 16, 2020 · Updated 5 years ago
- A repository that maps API calls to Sysmon Event IDs. ☆121 · Nov 14, 2022 · Updated 3 years ago
- ☆48 · Mar 19, 2020 · Updated 5 years ago
- API Hammering with C++20. ☆50 · Jul 21, 2022 · Updated 3 years ago
- Collection of code snippets, windbg and python scripts, and resources. ☆13 · Jul 11, 2022 · Updated 3 years ago
- Watches the Downloads folder for any new files and inserts them into Nemesis for analysis. ☆15 · Feb 29, 2024 · Updated 2 years ago
- Released presentations of my talks, plus the code that was used during these talks. ☆15 · Sep 5, 2024 · Updated last year
- ☆13 · Feb 25, 2021 · Updated 5 years ago
- A PowerShell script to prevent Sysmon from writing its events. ☆16 · Apr 23, 2020 · Updated 5 years ago
- Modifies machine.config for persistence after installing a signed .NET assembly into the GAC. ☆13 · Mar 17, 2022 · Updated 3 years ago
- Automatic detection engineering technical state compliance. ☆55 · Jul 7, 2024 · Updated last year
- Hooking Heaven's Gate in a weekend. ☆13 · Jan 1, 2022 · Updated 4 years ago
- Sentinel Guard - used to build up a honeypot and honeynet with ZERO cost, easily and simply. ☆18 · Jul 25, 2021 · Updated 4 years ago
- ☆15 · Mar 13, 2023 · Updated 2 years ago
- ☆14 · Jun 21, 2020 · Updated 5 years ago
- Proof of concept of a TrustZone exploit. ☆16 · Aug 10, 2025 · Updated 6 months ago
- ☆18 · Mar 28, 2023 · Updated 2 years ago
- Links to malware-related YARA rules. ☆15 · Sep 29, 2022 · Updated 3 years ago
- Small tool to play with IOCs caused by ImageLoad events. ☆44 · May 14, 2023 · Updated 2 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and the ccSubSDK database. ☆64 · Dec 21, 2022 · Updated 3 years ago
- Compilation of resources to help with an Adversary Simulation automation harness. ☆100 · Aug 7, 2020 · Updated 5 years ago
- dankAlerts is powered by Sysmon and memes. Would you notice if a suspicious process was recorded in the event log? ☆18 · Jun 24, 2020 · Updated 5 years ago
- ☆43 · Jul 6, 2022 · Updated 3 years ago
- Simple PoC to locate functions hooked by EDR in ntdll.dll. ☆46 · Jul 16, 2023 · Updated 2 years ago
- Simple Python script to evade antiviruses on fully patched and updated Windows environments using py2exe. ☆20 · Oct 24, 2022 · Updated 3 years ago
- Vectored Exception Handling Squared. ☆29 · Dec 27, 2025 · Updated 2 months ago
- ☆24 · Aug 27, 2021 · Updated 4 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data. ☆39 · Mar 23, 2020 · Updated 5 years ago
- Documentation and supporting script sample for Windows Exploit Guard. ☆169 · Sep 8, 2025 · Updated 5 months ago
- Repository for my ATT&CK analysis research. ☆71 · May 16, 2019 · Updated 6 years ago
- ☆39 · Jun 28, 2019 · Updated 6 years ago
- A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2. ☆21 · May 25, 2021 · Updated 4 years ago
- A repository filled with ideas to break/detect direct syscall techniques. ☆26 · Apr 21, 2022 · Updated 3 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code. ☆24 · Mar 13, 2023 · Updated 2 years ago
- Minimalist custom .NET Core garbage collector. ☆23 · Jun 15, 2020 · Updated 5 years ago
- Experimental Windows .text section patch detector. ☆22 · Jan 26, 2015 · Updated 11 years ago
- Epimitheus is a tool that uses the graph database Neo4j for Windows Events visualization. ☆19 · Mar 13, 2022 · Updated 3 years ago
- ☆22 · May 29, 2020 · Updated 5 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW provider. ☆197 · Dec 6, 2022 · Updated 3 years ago