jonny-jhnson/JonMon external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

jonny-jhnson/JonMon

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/jonny-jhnson/JonMon)

Close

jonny-jhnson / JonMonView on GitHubMore

• External links
• Readme badge

☆253Jun 7, 2025Updated 10 months ago

Alternatives and similar repositories for JonMon

Users that are interested in JonMon are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• jonny-jhnson / ETWInspector

  View on GitHub
  ☆184Apr 24, 2025Updated 11 months ago
• pathtofile / SealighterTI

  View on GitHub
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆198Dec 6, 2022Updated 3 years ago
• jonny-jhnson / TelemetrySource

  View on GitHub
  ☆261May 9, 2024Updated last year
• pathtofile / Sealighter

  View on GitHub
  Sysmon-Like research tool for ETW
  ☆386Nov 15, 2022Updated 3 years ago
• DebugPrivilege / InsightEngineering

  View on GitHub
  Hardcore Debugging
  ☆936Apr 9, 2026Updated last week
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• cyberark / PipeViewer

  View on GitHub
  A tool that shows detailed information about named pipes in Windows
  ☆740Nov 15, 2024Updated last year
• susMdT / ForsHops

  View on GitHub
  ForsHops
  ☆59Mar 25, 2025Updated last year
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆173May 17, 2023Updated 2 years ago
• mvelazc0 / msInvader

  View on GitHub
  M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…
  ☆325Oct 12, 2025Updated 6 months ago
• rad9800 / WTSRM2

  View on GitHub
  ☆163Dec 30, 2022Updated 3 years ago
• joe-desimone / patriot

  View on GitHub
  ☆158Jul 31, 2022Updated 3 years ago
• Xacone / BestEdrOfTheMarket

  View on GitHub
  EDR Lab for Experimentation Purposes
  ☆1,427Mar 1, 2026Updated last month
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆673Dec 23, 2022Updated 3 years ago
• ElliotKillick / LdrLockLiberator

  View on GitHub
  For when DLLMain is the only way
  ☆426Oct 29, 2024Updated last year
• jdu2600 / Etw-SyscallMonitor

  View on GitHub
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆89May 17, 2023Updated 2 years ago
• tsale / EDR-Telemetry

  View on GitHub
  This project aims to compare and evaluate the telemetry of various EDR products.
  ☆1,945Mar 26, 2026Updated 3 weeks ago
• ioncodes / SilentLoad

  View on GitHub
  "Service-less" driver loading
  ☆184Nov 28, 2024Updated last year
• dobin / RedEdr

  View on GitHub
  Collect Windows telemetry for Maldev
  ☆469Jan 30, 2026Updated 2 months ago
• jonny-jhnson / LDAPMon

  View on GitHub
  ☆47Oct 27, 2023Updated 2 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆413Jan 11, 2026Updated 3 months ago
• bohops / UltimateWDACBypassList

  View on GitHub
  A centralized resource for previously documented WDAC bypass techniques
  ☆616Sep 8, 2025Updated 7 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• dsnezhkov / shutter

  View on GitHub
  ☆124May 12, 2021Updated 4 years ago
• zeronetworks / ldapfw

  View on GitHub
  Protect your Domain Controllers by auditing and restricting LDAP requests
  ☆182May 29, 2025Updated 10 months ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• jonny-jhnson / Windows-API-To-Sysmon-Events

  View on GitHub
  A repository that maps API calls to Sysmon Event ID's.
  ☆121Nov 14, 2022Updated 3 years ago
• blackarrowsec / Handly

  View on GitHub
  Abuse leaked token handles.
  ☆136Dec 14, 2023Updated 2 years ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆694Oct 23, 2024Updated last year
• EvanMcBroom / lsa-whisperer

  View on GitHub
  Tools for interacting with authentication packages using their individual message protocols
  ☆433Apr 1, 2026Updated 2 weeks ago
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆263Apr 19, 2024Updated 2 years ago
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• nccgroup / DetectWindowsCopyOnWriteForAPI

  View on GitHub
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆201Jan 13, 2022Updated 4 years ago
• jaredcatkinson / MalwareMorphology

  View on GitHub
  ☆83Nov 21, 2024Updated last year
• Crypt0s / Ekko_CFG_Bypass

  View on GitHub
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆115Aug 29, 2022Updated 3 years ago
• netero1010 / EDRSilencer

  View on GitHub
  A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the …
  ☆1,856Nov 3, 2024Updated last year
• mandiant / msi-search

  View on GitHub
  ☆290Jul 20, 2023Updated 2 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆119Aug 7, 2022Updated 3 years ago
• trailofbits / RpcInvestigator

  View on GitHub
  Exploring RPC interfaces on Windows
  ☆349Jan 30, 2024Updated 2 years ago