olafhartong / PockETWatcherLinks
a tiny program to consume from ETW providers for research
☆50Updated 6 months ago
Alternatives and similar repositories for PockETWatcher
Users that are interested in PockETWatcher are comparing it to the libraries listed below
Sorting:
- ☆45Updated last year
- ☆69Updated last year
- PowerShell PE Parser☆63Updated last year
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.☆21Updated 7 months ago
- ☆44Updated last month
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆89Updated 11 months ago
- quASAR: ASAR manipulation made easy☆38Updated 2 years ago
- AutoRMM is a collection of scripts and instructions we are organizing, to test delivery mechanisms for RMM and screen sharing tools, alo…☆42Updated last week
- Living Off the Foreign Land setup scripts☆70Updated 5 months ago
- ☆74Updated 2 years ago
- ☆14Updated last year
- ☆76Updated 11 months ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆37Updated 5 months ago
- Repo containing my public talks☆23Updated 2 years ago
- Blog/Journal on how to backdoor VSCode extensions☆63Updated 2 weeks ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Updated 2 years ago
- Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers☆123Updated 10 months ago
- Python DPAPI NG Decryptor for non-Windows Platforms☆62Updated 7 months ago
- Test AMSI Provider implementation in C#☆41Updated 7 months ago
- msuserstats is a comprehensive Powershell tool to manage accounts from Microsoft Entra ID and Active Directory. It supports: a unified vi…☆42Updated 4 months ago
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆52Updated last year
- ☆42Updated last year
- Microsoft Graph API post-exploitation toolkit☆94Updated last year
- ☆103Updated last month
- ☆107Updated 9 months ago
- .NET tool used to enrich RPC telemetry☆95Updated last month
- ☆20Updated last year
- ☆119Updated 4 years ago
- Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later☆91Updated 2 years ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2☆41Updated last year