mattifestation / MSFTTraceMessageFormatLinks
All TMF files that I extracted from Microsoft PDBs.
☆13Updated 6 years ago
Alternatives and similar repositories for MSFTTraceMessageFormat
Users that are interested in MSFTTraceMessageFormat are comparing it to the libraries listed below
Sorting:
- ☆52Updated 6 years ago
- Shim database persistence (Fin7 TTP)☆37Updated 5 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 6 years ago
- Reflective Polymorphism☆105Updated 7 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.☆38Updated 7 years ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication☆129Updated 8 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…☆151Updated 5 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- A repository of some of my Windows 10 Device Guard Bypasses☆138Updated 8 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- SilkETW & SilkService☆40Updated 5 years ago
- windows-operating-system-archaeology @Enigma0x3 @subTee☆46Updated 8 years ago
- PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.☆151Updated 6 years ago
- DotNext 2019 St. Petersburg Talk Demos☆40Updated 6 years ago
- Tool to decompress data from Windows 10 page files and memory dumps, that has been compressed by the Windows 10 memory manager.☆51Updated 6 years ago
- ☆60Updated 5 years ago
- gpocheck☆30Updated 11 months ago
- Documentation and supporting script sample for Windows Exploit Guard☆157Updated 3 years ago
- hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripts languages such as Powershell, VBA and Javascript. Curre…☆40Updated 5 years ago
- Test if an antivirus is installed via the resolution of the service virtual SID☆56Updated 5 years ago
- ☆11Updated 5 years ago
- A C++ POC for process injection using NtCreateSectrion, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes…☆43Updated 4 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection☆31Updated 4 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆86Updated 7 years ago
- Binary commandline executable to parse ETL files☆67Updated 7 years ago
- ☆64Updated 9 years ago
- Tool for injecting a "TCP Relay" managed assembly into an unmanaged process☆65Updated 6 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Updated 4 years ago
- Advanced Portable Executable File Analyzer And Disassembler 32 & 64 Bit☆100Updated 6 years ago
- A Generic Windows Memory Scraping Tool☆71Updated 8 years ago