Alternatives and similar repositories for KilledProcessCanary

Users that are interested in KilledProcessCanary are comparing it to the libraries listed below

• olafhartong / Presentations
  My conference presentations
  ☆66Updated last year
• avast / yari
  YARI is an interactive debugger for YARA Language.
  ☆88Updated last week
• DidierStevens / etl2pcapng
  Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
  ☆46Updated 5 years ago
• dmaasland / mcafee-config-decrypt
  ☆60Updated 5 years ago
• BinaryDefense / YaraMemoryScanner
  Simple PowerShell script to enable process scanning with Yara.
  ☆94Updated 2 years ago
• fraktalcyber / Fransom
  Fraktal's Ransomware Emulator
  ☆102Updated last year
• BinaryDefense / beacon-fronting
  A simple command line program to help defender test their detections for network beacon patterns and domain fronting
  ☆69Updated 3 years ago
• nasbench / C2-Matrix-Indicators
  This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix
  ☆73Updated 3 years ago
• rgeoghan / app-password-persistence
  Using Microsoft 365 App Passwords for persistence
  ☆23Updated 4 years ago
• OTRF / Set-AuditRule
  Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
  ☆93Updated 3 years ago
• cado-security / rip_raw
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆131Updated 3 years ago
• IceMoonHSV / Sim
  C# User Simulation
  ☆32Updated 2 years ago
• fox-it / skrapa
  A zero dependency and customizable Python library for scanning Windows and Linux process memory.
  ☆66Updated last year
• Neo23x0 / xorex
  XOR Key Extractor
  ☆50Updated 10 months ago
• lawiet47 / autoresponder
  Carbon Black Response IR tool
  ☆53Updated 4 years ago
• jwillyamz / ezEmu
  See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)
  ☆105Updated 2 years ago
• mkorman90 / sysmon-config-bypass-finder
  Detect possible sysmon logging bypasses given a specific configuration
  ☆111Updated 6 years ago
• sumeshi / evtx2es
  A library for fast parse & import of Windows Eventlogs into Elasticsearch.
  ☆85Updated this week
• kgoins / ldsview
  ☆108Updated 3 years ago
• embee-research / Yara-detection-rules
  Yara Rules for Modern Malware
  ☆77Updated last year
• moullos / Mitigate
  Machine Interrogation To Identify Gaps & Techniques for Execution
  ☆32Updated 2 years ago
• theflakes / reg_hunter
  Blueteam operational triage registry hunting/forensic tool.
  ☆148Updated 2 years ago
• nmantani / PS-TrustedDocuments
  PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office
  ☆35Updated 2 years ago
• slaughterjames / excelpeek
  ☆38Updated 3 years ago
• airbus-cert / ntTraceControl
  Powershell Event Tracing Toolbox
  ☆75Updated 3 years ago
• LaresLLC / SysmonConfigPusher
  Pushes Sysmon Configs
  ☆88Updated 4 years ago
• g-les / 100DaysofYARA
  100 Days of YARA to be updated with rules & ideas as the year progresses
  ☆60Updated 2 years ago
• PwCUK-CTO / SANSCTISummit2021-xStart
  Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".
  ☆14Updated 3 years ago
• ITAYC0HEN / SUNBURST-Cracked
  The following repository contains a modified version of SUNBURST with cracekd hashes, comments and annotations.
  ☆56Updated 4 years ago
• NextronSystems / CyberChef
  CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition
  ☆63Updated 2 years ago