mkorman90/sysmon-config-bypass-finder external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

mkorman90/sysmon-config-bypass-finder

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mkorman90/sysmon-config-bypass-finder)

Close

mkorman90 / sysmon-config-bypass-finderView on GitHubMore

• External links
• Readme badge

Detect possible sysmon logging bypasses given a specific configuration

☆111Dec 26, 2018Updated 7 years ago

Alternatives and similar repositories for sysmon-config-bypass-finder

Users that are interested in sysmon-config-bypass-finder are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• bats3c / Ghost-In-The-Logs

  View on GitHub
  Evade sysmon and windows event logging
  ☆625Apr 8, 2020Updated 6 years ago
• jnqpblc / Misc-CSharp

  View on GitHub
  Miscellaneous C-Sharp projects for red team activities
  ☆24Aug 12, 2022Updated 3 years ago
• two06 / AMSI_Handler

  View on GitHub
  Automate AV evasion by calling AMSI
  ☆88May 31, 2023Updated 2 years ago
• SecurityJosh / MuteSysmon

  View on GitHub
  A PowerShell script to prevent Sysmon from writing its events
  ☆17Apr 23, 2020Updated 6 years ago
• sud0woodo / DCOMrade

  View on GitHub
  Powershell script for enumerating vulnerable DCOM Applications
  ☆266Nov 30, 2018Updated 7 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• RedLectroid / OutlookSend

  View on GitHub
  A C# tool to send emails through Outlook from the command line or in memory
  ☆32Jun 17, 2020Updated 5 years ago
• secgroundzero / ossem_modular

  View on GitHub
  OSSEM Modular
  ☆27Jun 29, 2020Updated 5 years ago
• FuzzySecurity / BH-Arsenal-2019

  View on GitHub
  SilkETW & SilkService
  ☆40Aug 14, 2019Updated 6 years ago
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆350Mar 19, 2021Updated 5 years ago
• FSecureLABS / SharpGPO-RemoteAccessPolicies

  View on GitHub
  A C# tool for enumerating remote access policies through group policy.
  ☆73Apr 18, 2019Updated 7 years ago
• rvrsh3ll / FlaskRedirectorProtector

  View on GitHub
  Protect your servers with a secret header
  ☆29Jun 12, 2020Updated 5 years ago
• RedLectroid / SearchOutlook

  View on GitHub
  A C# tool to search through a running instance of Outlook for keywords
  ☆111Jan 14, 2021Updated 5 years ago
• mdsecactivebreach / SharpPack

  View on GitHub
  An Insider Threat Toolkit
  ☆156Dec 17, 2018Updated 7 years ago
• panagioto / SharpExchangePriv

  View on GitHub
  A C# implementation of PrivExchange by @_dirkjan.
  ☆155Mar 15, 2019Updated 7 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• matthastings / DSCompromised

  View on GitHub
  ☆98Mar 16, 2016Updated 10 years ago
• mattifestation / PSSysmonTools

  View on GitHub
  Sysmon Tools for PowerShell
  ☆233Aug 17, 2018Updated 7 years ago
• mgreen27 / Invoke-LiveResponse

  View on GitHub
  Invoke-LiveResponse
  ☆150Feb 22, 2022Updated 4 years ago
• zacbrown / PowerKrabsEtw

  View on GitHub
  PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
  ☆103Nov 17, 2020Updated 5 years ago
• mattifestation / BHUSA2018_Sysmon

  View on GitHub
  All materials from our Black Hat 2018 "Subverting Sysmon" talk
  ☆135Aug 10, 2018Updated 7 years ago
• n0dec / MalwLess

  View on GitHub
  Test Blue Team detections without running any attack.
  ☆272May 2, 2024Updated 2 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,645Apr 4, 2026Updated last month
• checkymander / Carbuncle

  View on GitHub
  Tool for interacting with outlook interop during red team engagements
  ☆145Jun 29, 2021Updated 4 years ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆940Dec 12, 2023Updated 2 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• praetorian-inc / purple-team-attack-automation

  View on GitHub
  Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
  ☆732Jan 21, 2020Updated 6 years ago
• vysecurity / ANGRYPUPPY

  View on GitHub
  Bloodhound Attack Path Automation in CobaltStrike
  ☆326Apr 26, 2020Updated 6 years ago
• 0xbadjuju / PowerProvider

  View on GitHub
  ☆41Jul 4, 2018Updated 7 years ago
• ReversecLabs / physmem2profit

  View on GitHub
  Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
  ☆424Jul 27, 2022Updated 3 years ago
• jonny-jhnson / Windows-API-To-Sysmon-Events

  View on GitHub
  A repository that maps API calls to Sysmon Event ID's.
  ☆122Nov 14, 2022Updated 3 years ago
• WithSecureLabs / RemotePSpy

  View on GitHub
  RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShel…
  ☆19Mar 12, 2020Updated 6 years ago
• P1CKLES / SharpBox

  View on GitHub
  SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
  ☆110Jan 20, 2021Updated 5 years ago
• jwillyamz / ezEmu

  View on GitHub
  See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)
  ☆109Feb 12, 2023Updated 3 years ago
• Soledge / BlockEtw

  View on GitHub
  .Net Assembly to block ETW telemetry in current process
  ☆81May 14, 2020Updated 6 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• outflanknl / Invoke-ADLabDeployer

  View on GitHub
  Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
  ☆495Feb 16, 2019Updated 7 years ago
• jeffjbowie / Weaponry

  View on GitHub
  A collection of various tools for red-teaming exercises. A mix of C#, Powershell, & Python
  ☆107Jul 26, 2024Updated last year
• 001SPARTaN / csfm

  View on GitHub
  Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
  ☆65Dec 27, 2017Updated 8 years ago
• ztgrace / red_team_telemetry

  View on GitHub
  ☆98Feb 21, 2019Updated 7 years ago
• slyd0g / SharpCrashEventLog

  View on GitHub
  C# port of LogServiceCrash
  ☆46Oct 7, 2020Updated 5 years ago
• mvelazc0 / Oriana

  View on GitHub
  Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…
  ☆174Jun 10, 2021Updated 4 years ago
• Cybereason / Invoke-WMILM

  View on GitHub
  ☆230May 10, 2018Updated 8 years ago