This is a repository that is meant to hold detections for various process injection techniques.
☆34 · Mar 3, 2020 · Updated 6 years ago
Alternatives and similar repositories for Detecting-Process-Injection-Techniques
Users that are interested in Detecting-Process-Injection-Techniques are comparing it to the libraries listed below.
- A repository that maps API calls to Sysmon Event IDs. ☆122 · Nov 14, 2022 · Updated 3 years ago
- Sentinel Guard - Use to build up a Honeypot and Honeynet with ZERO cost, easily and simply. ☆18 · Jul 25, 2021 · Updated 4 years ago
- Watches the Downloads folder for any new files and inserts them into Nemesis for analysis. ☆15 · Feb 29, 2024 · Updated 2 years ago
- Read Windows message table entries. ☆11 · Feb 5, 2023 · Updated 3 years ago
- Crystal Anti-Exploit Protection 2012. ☆37 · May 31, 2020 · Updated 6 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and the ccSubSDK database. ☆65 · Dec 21, 2022 · Updated 3 years ago
- A PowerShell script to prevent Sysmon from writing its events. ☆17 · Apr 23, 2020 · Updated 6 years ago
- Links to malware-related YARA rules. ☆15 · Sep 29, 2022 · Updated 3 years ago
- API Hammering with C++20. ☆52 · Jul 21, 2022 · Updated 3 years ago
- Simple PoC to locate functions hooked by EDR in ntdll.dll. ☆46 · Jul 16, 2023 · Updated 2 years ago
- A Splunk Technology Add-on to forward filtered ETW events. ☆31 · Oct 14, 2020 · Updated 5 years ago
- Automatic detection engineering technical state compliance. ☆55 · Jul 7, 2024 · Updated last year
- Proof of Concept of a TrustZone exploit. ☆16 · Aug 10, 2025 · Updated 10 months ago
- An example code of CiGetCertPublisherName. ☆16 · Mar 24, 2022 · Updated 4 years ago
- Epimitheus is a tool that uses the graph database Neo4j for Windows Events visualization. ☆19 · Mar 13, 2022 · Updated 4 years ago
- Vectored Exception Handling Squared. ☆30 · Dec 27, 2025 · Updated 6 months ago
- Modifies machine.config for persistence after installing a signed .NET assembly into the GAC. ☆13 · Mar 17, 2022 · Updated 4 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data. ☆39 · Mar 23, 2020 · Updated 6 years ago
- Released presentations of my talks, plus the code used during those talks. ☆15 · Sep 5, 2024 · Updated last year
- Repository for Cortex XDR and Cortex XSIAM XQL queries and more! ☆46 · Jun 7, 2024 · Updated 2 years ago
- Simple EDR that injects a DLL into a process to place hooks on specific Windows APIs. ☆98 · Aug 27, 2023 · Updated 2 years ago
- PowerShell / C# based cross-platform forensic framework for live incident response. ☆23 · Jul 5, 2020 · Updated 5 years ago
- Repository for my ATT&CK analysis research. ☆70 · May 16, 2019 · Updated 7 years ago
- Documentation and supporting script sample for Windows Exploit Guard. ☆168 · Sep 8, 2025 · Updated 9 months ago
- Small tool to play with IOCs caused by ImageLoad events. ☆45 · May 14, 2023 · Updated 3 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon. ☆220 · Sep 17, 2019 · Updated 6 years ago
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients. ☆91 · Updated this week
- Generic and transparent TLS inspection for local programs. ☆26 · Oct 24, 2024 · Updated last year
- Repository containing malware analysis filters for the Windows Sysinternals Process Monitor tool. ☆21 · Oct 2, 2020 · Updated 5 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider. ☆206 · Dec 6, 2022 · Updated 3 years ago
- Bash script for performing the logical acquisition of an Apple Silicon Mac. ☆18 · Jun 21, 2024 · Updated 2 years ago