SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral analysis of testing specimens. Inspired and based on Lenny Zeltser's collection.
☆70Sep 28, 2021Updated 4 years ago
Alternatives and similar repositories for procmon-filters
Users that are interested in procmon-filters are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident re…☆32Aug 29, 2016Updated 9 years ago
- Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool☆20Oct 2, 2020Updated 5 years ago
- Another Portable Executable files analysing stuff☆21May 28, 2011Updated 14 years ago
- Remove API hooks from a Beacon process.☆14Sep 18, 2021Updated 4 years ago
- collection of links related to using and improving windbg☆20Jun 17, 2018Updated 7 years ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.☆39Aug 8, 2022Updated 3 years ago
- Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…☆15Aug 15, 2022Updated 3 years ago
- Script to parse Process Monitor XML log file, and give you a summary report.☆23May 4, 2016Updated 9 years ago
- Automatically exported from code.google.com/p/hf-2011☆15Feb 12, 2016Updated 10 years ago
- Quickly generate every payload type for each listener and optionally host via HTTP.☆22Aug 23, 2021Updated 4 years ago
- A wrapper for capstone for bearparser☆16Oct 8, 2025Updated 5 months ago
- ☆19Jul 20, 2015Updated 10 years ago
- Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does…☆19Feb 2, 2025Updated last year
- Collection of self-made Red Team tools that have come in handy☆12Aug 25, 2024Updated last year
- Simple utility to watch directory change notifications on a given path☆20Oct 6, 2017Updated 8 years ago
- A simple tool to manipulate window objects in Windows☆45Dec 22, 2016Updated 9 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆90Dec 15, 2022Updated 3 years ago
- Threadless Injection Payload Toolkit☆12Oct 12, 2023Updated 2 years ago
- ☆23Feb 3, 2021Updated 5 years ago
- ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Ima…☆41Jun 6, 2023Updated 2 years ago
- Python script to automatically create sigma rules from The hive observables☆25Mar 17, 2019Updated 7 years ago
- ☆18May 31, 2022Updated 3 years ago
- Cmdlets for capturing Windows Events☆14Mar 11, 2022Updated 4 years ago
- Utterly simple NTFS Journal dumping utility. Handy when it comes to Computer Forensics and Malware Forensics Ops.☆38Mar 21, 2016Updated 10 years ago
- Parses RecentFileCacheParser.bcf files☆30Feb 2, 2025Updated last year
- Parse Microsoft shim databases☆32Jan 8, 2025Updated last year
- An open source library for operating the Windows Overlay Filter driver.☆22Jan 16, 2019Updated 7 years ago
- BYOVD collection☆24Mar 20, 2024Updated 2 years ago
- Minimal Intervention and Software Transformation - PoC Packer designed for AV detection bypass☆18Nov 4, 2017Updated 8 years ago
- 新的注入方式☆11Sep 30, 2018Updated 7 years ago
- Solutions to the RPISEC MBE / Modern Binary Exploitation VM & course.☆22Feb 5, 2017Updated 9 years ago
- RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the …☆10Jul 1, 2015Updated 10 years ago
- Demonstrate the new FileDispositionInfoEx behavior☆15Nov 6, 2017Updated 8 years ago
- Rust-based password mutator for brute force attacks☆13Mar 21, 2025Updated last year
- MAL-CL (Malicious Command-Line)☆322Jan 10, 2023Updated 3 years ago
- Dodgy reflective DLL injector PoC for 32-bit Windows☆17Aug 20, 2018Updated 7 years ago
- XOR Key Extractor☆51Aug 10, 2024Updated last year
- Actionable analytics designed to combat threats based on MITRE's ATT&CK.☆23Aug 21, 2019Updated 6 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆19Mar 3, 2016Updated 10 years ago