jonny-jhnson / JonMon-LiteLinks
☆46Updated 4 months ago
Alternatives and similar repositories for JonMon-Lite
Users that are interested in JonMon-Lite are comparing it to the libraries listed below
Sorting:
- a tiny program to consume from ETW providers for research☆52Updated 9 months ago
- ☆45Updated last year
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- ☆74Updated 3 years ago
- ☆30Updated 2 months ago
- ☆23Updated last year
- ☆33Updated 3 years ago
- macOS dylib stager☆36Updated 9 months ago
- example using NtCreateUserProcess in rust☆19Updated 9 months ago
- Blog/Journal on how to backdoor VSCode extensions☆74Updated 3 months ago
- ☆77Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆17Updated last year
- POC tool to abuse windows server failover clusters☆45Updated 2 months ago
- Extract the Procedures (TTP) from CTI reports☆12Updated 4 months ago
- ☆31Updated 10 months ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆75Updated 3 years ago
- Repo containing my public talks☆23Updated 2 years ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Updated 8 months ago
- Attack chain emulator. Write recipes for initial access easily☆22Updated 7 months ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Updated 3 years ago
- ☆23Updated last year
- Simple and sane cryptographic wrapper library.☆27Updated 2 years ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2☆46Updated 2 years ago
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆42Updated this week
- ☆14Updated last year
- AutoRMM is a collection of scripts and instructions we are organizing, to test delivery mechanisms for RMM and screen sharing tools, alo…☆89Updated 2 months ago
- ☆21Updated 2 months ago
- Parse SDDL strings☆36Updated last year
- Self Delete DLL☆23Updated last year
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated last year