SysmonX - An Augmented Drop-In Replacement of Sysmon
☆216Sep 17, 2019Updated 6 years ago
Alternatives and similar repositories for sysmonx
Users that are interested in sysmonx are comparing it to the libraries listed below
Sorting:
- ☆174Sep 9, 2020Updated 5 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- Live hunting of code injection techniques☆385Aug 22, 2019Updated 6 years ago
- Utilities for Sysmon☆1,573Sep 21, 2025Updated 5 months ago
- ☆14Mar 8, 2019Updated 6 years ago
- Process Monitor X v2☆648Jan 22, 2024Updated 2 years ago
- Kernel Pool Monitor☆127Mar 6, 2022Updated 3 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆223May 1, 2021Updated 4 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- Open Source EDR for Windows☆1,297Feb 25, 2023Updated 3 years ago
- A YARA-integrated process denial framework for Windows☆398Feb 15, 2020Updated 6 years ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆753Dec 15, 2025Updated 2 months ago
- ☆69Mar 3, 2022Updated 4 years ago
- Open EDR public repository☆2,608Jan 13, 2024Updated 2 years ago
- Hades HIDS/HIPS for Windows☆307Oct 10, 2025Updated 4 months ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆109Apr 24, 2020Updated 5 years ago
- Sysmon shenanigans☆66Oct 9, 2020Updated 5 years ago
- Research on Windows Kernel Executive Callback Objects☆316Feb 22, 2020Updated 6 years ago
- Trace ScriptBlock execution for powershell v2☆40Jan 14, 2020Updated 6 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.☆431May 22, 2020Updated 5 years ago
- HTTP/HTTPS/DNS inspector (windows driver)☆27Feb 20, 2019Updated 7 years ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆319Mar 20, 2024Updated last year
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- A wireshark plugin to instrument ETW☆579Jan 28, 2022Updated 4 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago
- Silencing Sysmon via driver unload☆235Oct 13, 2022Updated 3 years ago
- Windows CVE主防(HIPS/HIDS)☆57Apr 29, 2021Updated 4 years ago
- Detecting execution of kernel memory where is not backed by any image file☆261Jul 11, 2018Updated 7 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆329May 2, 2024Updated last year
- A repository that maps API calls to Sysmon Event ID's.☆121Nov 14, 2022Updated 3 years ago
- Static library and headers for linking your software with ntdll.dll☆37Dec 16, 2019Updated 6 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- Automatically exported from code.google.com/p/hf-2011☆15Feb 12, 2016Updated 10 years ago
- Sysmon-Like research tool for ETW☆386Nov 15, 2022Updated 3 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆785Feb 22, 2026Updated last week
- Windows Events Attack Samples☆2,515Jan 24, 2023Updated 3 years ago
- Advanced driver monitoring utility.☆219Jul 13, 2022Updated 3 years ago
- DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior☆280Nov 3, 2019Updated 6 years ago