mkorman90 / sysmon-config-bypass-finderView external linksLinks
Detect possible sysmon logging bypasses given a specific configuration
☆111Dec 26, 2018Updated 7 years ago
Alternatives and similar repositories for sysmon-config-bypass-finder
Users that are interested in sysmon-config-bypass-finder are comparing it to the libraries listed below
Sorting:
- Miscellaneous C-Sharp projects for red team activities☆24Aug 12, 2022Updated 3 years ago
- Automate AV evasion by calling AMSI☆88May 31, 2023Updated 2 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- A C# tool to send emails through Outlook from the command line or in memory☆32Jun 17, 2020Updated 5 years ago
- Evade sysmon and windows event logging☆625Apr 8, 2020Updated 5 years ago
- Invoke-LiveResponse☆150Feb 22, 2022Updated 3 years ago
- SilkETW & SilkService☆40Aug 14, 2019Updated 6 years ago
- ☆349Mar 19, 2021Updated 4 years ago
- A C# tool to search through a running instance of Outlook for keywords☆111Jan 14, 2021Updated 5 years ago
- OSSEM Modular☆27Jun 29, 2020Updated 5 years ago
- Powershell script for enumerating vulnerable DCOM Applications☆266Nov 30, 2018Updated 7 years ago
- A C# tool for enumerating remote access policies through group policy.☆73Apr 18, 2019Updated 6 years ago
- An Insider Threat Toolkit☆155Dec 17, 2018Updated 7 years ago
- Test Blue Team detections without running any attack.☆272May 2, 2024Updated last year
- All materials from our Black Hat 2018 "Subverting Sysmon" talk☆135Aug 10, 2018Updated 7 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- A repository that maps API calls to Sysmon Event ID's.☆121Nov 14, 2022Updated 3 years ago
- A C# implementation of PrivExchange by @_dirkjan.☆155Mar 15, 2019Updated 6 years ago
- A PowerShell script to prevent Sysmon from writing its events☆16Apr 23, 2020Updated 5 years ago
- C# code to run PIC using CreateThread☆17Apr 19, 2019Updated 6 years ago
- ☆98Mar 16, 2016Updated 9 years ago
- SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.☆110Jan 20, 2021Updated 5 years ago
- Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.☆65Dec 27, 2017Updated 8 years ago
- See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)☆108Feb 12, 2023Updated 3 years ago
- C# port of WMImplant which uses either CIM or WMI to query remote systems☆202Jul 14, 2021Updated 4 years ago
- Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely☆424Jul 27, 2022Updated 3 years ago
- SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt…☆196Jun 30, 2019Updated 6 years ago
- Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been se…☆170Aug 10, 2020Updated 5 years ago
- Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs☆728Jan 21, 2020Updated 6 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆177Jun 10, 2021Updated 4 years ago
- A collection of various tools for red-teaming exercises. A mix of C#, Powershell, & Python☆108Jul 26, 2024Updated last year
- Sysmon Tools for PowerShell☆232Aug 17, 2018Updated 7 years ago
- Powershell C2 Server and Implants☆574Nov 11, 2019Updated 6 years ago
- ☆230May 10, 2018Updated 7 years ago
- ☆169Dec 8, 2022Updated 3 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- TrustedSec Sysinternals Sysmon Community Guide☆1,365Updated this week
- C# port of LogServiceCrash☆46Oct 7, 2020Updated 5 years ago
- Tool for interacting with outlook interop during red team engagements☆146Jun 29, 2021Updated 4 years ago