mandiant / SilkETW
☆760 · Updated last year
Alternatives and similar repositories for SilkETW:
Users that are interested in SilkETW are comparing it to the libraries listed below
- ☆468 · Updated last year
- PowerShell Obfuscation Detection Framework ☆730 · Updated last year
- ☆498 · Updated 3 months ago
- View ETW Provider manifest ☆465 · Updated 4 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts ☆425 · Updated 4 years ago
- ☆427 · Updated last year
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon. ☆912 · Updated last year
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit… ☆796 · Updated 3 months ago
- Remote Command Executor: An OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :) ☆346 · Updated 7 years ago
- Executes PowerShell from an unmanaged process ☆486 · Updated 9 years ago
- Event Tracing For Windows (ETW) Resources ☆365 · Updated 5 months ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which … ☆449 · Updated 2 years ago
- Tool Analysis Result Sheet ☆347 · Updated 7 years ago
- Extract and Deobfuscate XLM macros (a.k.a. Excel 4.0 Macros) ☆577 · Updated 10 months ago
- Also known by Microsoft as Knifecoat ☆1,128 · Updated 2 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆786 · Updated 4 years ago
- PowerShell Remote Download Cradle Generator & Obfuscator ☆832 · Updated 7 years ago
- A collection of red team and adversary emulation resources developed and released by MITRE. ☆498 · Updated 3 years ago
- Analysis of malware and Cyber Threat Intel of APT and cybercriminal groups ☆707 · Updated 2 years ago
- SafetyKatz is a combination of a slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader ☆1,251 · Updated 5 years ago
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions ☆289 · Updated 10 months ago
- Live hunting of code injection techniques ☆379 · Updated 5 years ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs ☆568 · Updated this week
- Detect and respond to Cobalt Strike beacons using ETW. ☆488 · Updated 2 years ago
- SharpWMI is a C# implementation of various WMI functionality. ☆757 · Updated 4 years ago
- Process Injection ☆758 · Updated 3 years ago
- A forensics tool to convert the data in the Windows SRUM (System Resource Usage Monitor) database to an xlsx spreadsheet. ☆618 · Updated 4 months ago
- LSASS memory dumper using direct system calls and API unhooking. ☆1,521 · Updated 4 years ago
- Misc Threat Hunting Resources ☆374 · Updated 2 years ago
- ☆482 · Updated 7 years ago