mtth-bfft / evtqLinks
Windows eventlog formatting, live fetching and querying utility in C
☆20Updated 5 years ago
Alternatives and similar repositories for evtq
Users that are interested in evtq are comparing it to the libraries listed below
Sorting:
- ☆45Updated last year
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆64Updated 3 years ago
- ☆35Updated 2 years ago
- Donut generator in rust.☆28Updated 3 years ago
- Asynchronous RDP/VNC client for Python (GUI)☆71Updated 7 months ago
- ☆74Updated 2 years ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆75Updated 3 years ago
- a tiny program to consume from ETW providers for research☆51Updated 7 months ago
- Kerberos laboratory to better understand and then detecting attack on kerberos☆70Updated 4 years ago
- An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities☆62Updated 3 years ago
- MiniDump a process in memory with rust☆36Updated 4 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆42Updated 11 months ago
- A technique for Active Directory domain persistence☆39Updated 2 years ago
- Finds imports that could be exploited, still requires manual analysis.☆29Updated 2 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆118Updated 4 years ago
- Event Tracing for Windows EDR bypass in Rust (usermode)☆28Updated last year
- Rust implementation of the Process Herpaderping☆24Updated 2 years ago
- Collection of Rust repos useful for Red Teamers.☆34Updated 2 years ago
- ☆79Updated last year
- ☆35Updated 3 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆128Updated 2 years ago
- example using NtCreateUserProcess in rust☆19Updated 7 months ago
- Python module for running BOFs☆72Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- Playing with PE's and Building Structures by Hand☆22Updated 3 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Updated 5 years ago
- A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or B…☆26Updated last year
- ☆36Updated last year
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Updated 2 years ago