mandiant / SilkETW
☆757, updated last year
Alternatives and similar repositories for SilkETW:
Users interested in SilkETW are comparing it to the repositories listed below.
- PowerShell Obfuscation Detection Framework (☆730, updated last year)
- PowerShell script for deobfuscating encoded PowerShell scripts (☆424, updated 4 years ago)
- View ETW Provider manifest (☆461, updated 4 months ago)
- Evade sysmon and windows event logging (☆615, updated 4 years ago)
- Live hunting of code injection techniques (☆379, updated 5 years ago)
- PowerShell Remote Download Cradle Generator & Obfuscator (☆828, updated 6 years ago)
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit… (☆794, updated 2 months ago)
- Experiments (☆452, updated 5 months ago)
- Executes PowerShell from an unmanaged process (☆483, updated 8 years ago)
- Extract and Deobfuscate XLM macros (a.k.a. Excel 4.0 Macros) (☆576, updated 10 months ago)
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware. (☆419, updated 4 years ago)
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions (☆286, updated 10 months ago)
- LSASS memory dumper using direct system calls and API unhooking. (☆1,516, updated 4 years ago)
- Detect and respond to Cobalt Strike beacons using ETW. (☆487, updated 2 years ago)
- Tool Analysis Result Sheet (☆347, updated 7 years ago)
- Enumerate and disable common sources of telemetry used by AV/EDR. (☆782, updated 4 years ago)
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆732, updated 11 months ago)
- Event Tracing for Windows (ETW) Resources (☆362, updated 5 months ago)
- Token Privilege Research (☆807, updated 7 years ago)
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon. (☆911, updated last year)
- A method of bypassing EDRs' active protection DLLs by preventing entry point execution (☆1,134, updated 3 years ago)
- C# based evtx parser with lots of extras (☆290, updated last month)
- Misc Threat Hunting Resources (☆373, updated 2 years ago)
- Investigate suspicious activity by visualizing Sysmon's event log (☆421, updated last year)
- Process Injection (☆758, updated 3 years ago)