olafhartong / PockETWatcherView external linksLinks
a tiny program to consume from ETW providers for research
☆54Jan 4, 2025Updated last year
Alternatives and similar repositories for PockETWatcher
Users that are interested in PockETWatcher are comparing it to the libraries listed below
Sorting:
- simple C# portscanner - written for playing around with Metasploit's Execute-Assembly☆10Jul 1, 2023Updated 2 years ago
- A proof-of-concept re-assembler for reverse VNC traffic.☆24May 21, 2023Updated 2 years ago
- A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.☆27Mar 20, 2025Updated 10 months ago
- Tool designed to exfiltrate OneDrive Business OCR Data☆125Jan 27, 2025Updated last year
- Active Directory Group Policy analyzer☆18Sep 20, 2019Updated 6 years ago
- This repo contains a list of vendors that hide their security advisories, alerts, notices, vulnerabilities, and more behind either a payw…☆32May 11, 2024Updated last year
- Test AMSI Provider implementation in C#☆42Dec 18, 2024Updated last year
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆142Updated this week
- Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-nat…☆261Apr 14, 2025Updated 10 months ago
- A care package of useful bofs for red team engagments☆55Dec 6, 2024Updated last year
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆339Oct 7, 2024Updated last year
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated 11 months ago
- The home of the SDDLMaker☆28Jan 13, 2025Updated last year
- ☆23Jun 1, 2022Updated 3 years ago
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…☆86Aug 2, 2023Updated 2 years ago
- Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.☆43May 24, 2021Updated 4 years ago
- ☆260May 9, 2024Updated last year
- Short Python script for parsing Defender VDM signature files.☆10Sep 22, 2024Updated last year
- ☆54Feb 2, 2026Updated last week
- Ansible role for installing Sysmon with popular config files included.☆24Jan 8, 2023Updated 3 years ago
- It records your terminal, then lets you upload to ASHIRT☆29Feb 8, 2026Updated last week
- A repository of credential stealer formats☆243Jun 10, 2025Updated 8 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆74Jan 3, 2025Updated last year
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆243Sep 26, 2023Updated 2 years ago
- EWDK C++ toolchain for bazel☆11Feb 1, 2026Updated 2 weeks ago
- EVM in python from scratch because why not☆11Aug 22, 2022Updated 3 years ago
- Linux kernel-mode and user-space with wine/MinGW/Windows compability hacking library.☆12Sep 15, 2022Updated 3 years ago
- Windows Scripts☆12Apr 2, 2020Updated 5 years ago
- A Python client for the Global CVE Allocation System.☆17Jan 31, 2026Updated 2 weeks ago
- An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.☆16Nov 1, 2023Updated 2 years ago
- Indicators of compromise from to analysis and research by Nextron Threat Research team☆12Sep 17, 2025Updated 4 months ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆116Aug 19, 2025Updated 5 months ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆75Dec 10, 2021Updated 4 years ago
- Living Off the Foreign Land setup scripts☆74Feb 26, 2025Updated 11 months ago
- C# exfiltration tool☆13Sep 24, 2021Updated 4 years ago
- This Repository is for random Knicks and knacks - in relation to PowerShell scripts I have created for one task or another.☆15Jan 13, 2025Updated last year
- Application for detecting command and control (C2) communication through network traffic analysis.☆15May 12, 2023Updated 2 years ago
- Helps defenders find their WSUS configurations in the wake of CVE-2025-59287☆46Oct 28, 2025Updated 3 months ago
- This script and accompanying files will allow system administrators to automatically deploy Microsoft Local Administrator Password Soluti…☆13Aug 18, 2017Updated 8 years ago