mandiant / SilkETWLinks
☆778Updated 2 years ago
Alternatives and similar repositories for SilkETW
Users that are interested in SilkETW are comparing it to the libraries listed below
Sorting:
- PowerShell Obfuscation Detection Framework☆740Updated last year
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆817Updated 7 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- View ETW Provider manifest☆520Updated 9 months ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆583Updated last year
- A wireshark plugin to instrument ETW☆561Updated 3 years ago
- ☆520Updated last month
- Event Tracing For Windows (ETW) Resources☆393Updated 10 months ago
- C# based evtx parser with lots of extras☆316Updated last month
- ☆427Updated 2 years ago
- All sysmon event types and their fields explained☆554Updated 3 years ago
- Utilities for Sysmon☆1,533Updated 5 months ago
- Evade sysmon and windows event logging☆626Updated 5 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆504Updated 3 years ago
- ☆474Updated 2 years ago
- A collection of red team and adversary emulation resources developed and released by MITRE.☆515Updated 4 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆922Updated last year
- Tool Analysis Result Sheet☆355Updated 7 years ago
- An Active Defense and EDR software to empower Blue Teams☆1,282Updated last year
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆447Updated 2 years ago
- Executes PowerShell from an unmanaged process☆498Updated 9 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆422Updated last year
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆303Updated last year
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆705Updated last month
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …☆808Updated last year
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆610Updated 2 weeks ago
- Also known by Microsoft as Knifecoat☆1,137Updated 2 years ago
- ☆491Updated 7 years ago
- Live hunting of code injection techniques☆383Updated 5 years ago
- Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups☆710Updated 2 years ago