mandiant / SilkETWLinks
☆782Updated 2 years ago
Alternatives and similar repositories for SilkETW
Users that are interested in SilkETW are comparing it to the libraries listed below
Sorting:
- PowerShell Obfuscation Detection Framework☆745Updated last year
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆822Updated 8 months ago
- View ETW Provider manifest☆526Updated 9 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆583Updated last year
- Evade sysmon and windows event logging☆627Updated 5 years ago
- ☆521Updated 2 months ago
- ☆476Updated 2 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆508Updated 3 years ago
- ☆427Updated 2 years ago
- A wireshark plugin to instrument ETW☆565Updated 3 years ago
- Executes PowerShell from an unmanaged process☆500Updated 9 years ago
- Event Tracing For Windows (ETW) Resources☆395Updated 10 months ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆808Updated 4 years ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆448Updated 2 years ago
- C# based evtx parser with lots of extras☆318Updated last month
- Utilities for Sysmon☆1,539Updated 5 months ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆924Updated last year
- Live hunting of code injection techniques☆383Updated 6 years ago
- All sysmon event types and their fields explained☆555Updated 3 years ago
- Tool Analysis Result Sheet☆356Updated 7 years ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…☆1,156Updated 2 years ago
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.☆745Updated 3 years ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆620Updated this week
- ☆494Updated 7 years ago
- A collection of red team and adversary emulation resources developed and released by MITRE.☆517Updated 4 years ago
- Remote Command Executor: A OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :)☆354Updated 7 years ago
- TrustedSec Sysinternals Sysmon Community Guide☆1,230Updated last month
- Also known by Microsoft as Knifecoat☆1,140Updated 2 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆308Updated last year