Alternatives and similar repositories for SilkETW:

Users that are interested in SilkETW are comparing it to the libraries listed below

• mandiant / DueDLLigence
  ☆465Updated last year
• mvelazc0 / PurpleSharp
  PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…
  ☆794Updated 2 months ago
• danielbohannon / Revoke-Obfuscation
  PowerShell Obfuscation Detection Framework
  ☆729Updated last year
• DissectMalware / XLMMacroDeobfuscator
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆575Updated 9 months ago
• R3MRUM / PSDecode
  PowerShell script for deobfuscating encoded PowerShell scripts
  ☆424Updated 4 years ago
• zeronetworks / rpcfirewall
  ☆492Updated 2 months ago
• nasbench / EVTX-ETW-Resources
  Event Tracing For Windows (ETW) Resources
  ☆362Updated 4 months ago
• 3lp4tr0n / BeaconHunter
  Detect and respond to Cobalt Strike beacons using ETW.
  ☆486Updated 2 years ago
• bats3c / Ghost-In-The-Logs
  Evade sysmon and windows event logging
  ☆614Updated 4 years ago
• mitre-attack / attack-arsenal
  A collection of red team and adversary emulation resources developed and released by MITRE.
  ☆498Updated 3 years ago
• leechristensen / UnmanagedPowerShell
  Executes PowerShell from an unmanaged process
  ☆481Updated 8 years ago
• JPCERTCC / ToolAnalysisResultSheet
  Tool Analysis Result Sheet
  ☆347Updated 7 years ago
• EricZimmerman / evtx
  C# based evtx parser with lots of extras
  ☆289Updated 2 weeks ago
• mandiant / flare-wmi
  ☆422Updated last year
• FuzzySecurity / Sharp-Suite
  Also known by Microsoft as Knifecoat
  ☆1,123Updated 2 years ago
• jxy-s / herpaderping
  Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…
  ☆1,123Updated last year
• zodiacon / EtwExplorer
  View ETW Provider manifest
  ☆455Updated 3 months ago
• MHaggis / sysmon-dfir
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆910Updated last year
• danielbohannon / Invoke-CradleCrafter
  PowerShell Remote Download Cradle Generator & Obfuscator
  ☆826Updated 6 years ago
• jdu2600 / Windows10EtwEvents
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆286Updated 9 months ago
• forrest-orr / moneta
  Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
  ☆731Updated 11 months ago
• nshalabi / SysmonTools
  Utilities for Sysmon
  ☆1,501Updated 8 months ago
• ION28 / BLUESPAWN
  An Active Defense and EDR software to empower Blue Teams
  ☆1,255Updated last year
• outflanknl / Dumpert
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,509Updated 4 years ago
• StrangerealIntel / CyberThreatIntel
  Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
  ☆707Updated 2 years ago
• Apr4h / CobaltStrikeScan
  Scan files or process memory for CobaltStrike beacons and parse their configuration
  ☆907Updated 3 years ago
• JPCERTCC / SysmonSearch
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆419Updated last year
• advanced-threat-research / Yara-Rules
  Repository of YARA rules made by Trellix ATR Team
  ☆576Updated last year
• mandiant / capa-rules
  Standard collection of rules for capa: the tool for enumerating the capabilities of programs
  ☆566Updated 2 weeks ago
• michaelweber / Macrome
  Excel Macro Document Reader/Writer for Red Teamers & Analysts
  ☆515Updated 3 years ago