mattifestation / BHUSA2018_SysmonLinks
All materials from our Black Hat 2018 "Subverting Sysmon" talk
☆135Updated 6 years ago
Alternatives and similar repositories for BHUSA2018_Sysmon
Users that are interested in BHUSA2018_Sysmon are comparing it to the libraries listed below
Sorting:
- ☆108Updated 8 years ago
- ☆59Updated 6 years ago
- IR-Tools - PowerShell tools for IR☆130Updated 7 years ago
- ☆97Updated 9 years ago
- Sysmon config for both Windows and Linux Devices. Windows one is a bit dated☆57Updated 11 months ago
- The Outlook HTML Leak Test Project☆131Updated 7 years ago
- Dashboarding and Tooling front-end for PowerShell Empire using PowerShell Universal Dashboard☆104Updated 6 years ago
- ☆52Updated 6 years ago
- Credit to Helge Klein - https://helgeklein.com/blog/2015/02/creating-realistic-test-user-accounts-active-directory/☆69Updated 7 years ago
- Materials of Workshop presented at DEFCON 25☆108Updated 7 years ago
- All the Power with no Shell☆36Updated 3 years ago
- Repository for my ATT&CK analysis research.☆69Updated 6 years ago
- Generate ATT&CK Navigator layer file from PowerShell Empire agent logs☆49Updated 6 years ago
- A collection of scripts to initialize a windows VM to run all the malwares!☆106Updated 5 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆86Updated 7 years ago
- ☆41Updated 7 years ago
- ☆114Updated 8 years ago
- Development guide for Volatility Plugins☆23Updated 7 years ago
- Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs☆42Updated 6 years ago
- Powershell Empire Persistence finder☆119Updated 8 years ago
- Useful Threat Hunting Stuff☆33Updated 4 years ago
- Sandbox feature upgrade with the help of wrapped samples☆76Updated 6 years ago
- PowerShell No Agent Hunting☆110Updated 7 years ago
- Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)☆104Updated 4 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.☆170Updated 4 months ago
- A collection of PowerShell Modules for BloodHound/Empire Orchestration☆106Updated 7 years ago
- SilkETW & SilkService☆40Updated 5 years ago
- Open Source Office Malware Generation & Polymorphic Engine for Red Teams and QA testing☆95Updated 8 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's s…☆104Updated 7 years ago