Alternatives and similar repositories for PockETWatcher

Users that are interested in PockETWatcher are comparing it to the libraries listed below

• jonny-jhnson / LDAPMon
  ☆45Updated last year
• BlackSnufkin / CheckPlz
  Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.
  ☆19Updated 5 months ago
• mttaggart / quasar
  quASAR: ASAR manipulation made easy
  ☆38Updated 2 years ago
• bagelByt3s / ludus_adfs
  An Ansible collection that installs an ADFS deployment with optional configurations.
  ☆39Updated 6 months ago
• andreisss / Living-off-the-COM-Type-Coercion-Abuse
  This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…
  ☆43Updated last month
• notEricaZelic / M365AdminAccessReviewer
  Shows which M365 Objects have Privileged Access and what type (i.e. PIM, Direct, Currently Elevated)
  ☆25Updated last month
• decoder-it / Troopers24
  ☆41Updated 11 months ago
• cbecks2 / edr-artifacts
  This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.
  ☆80Updated 9 months ago
• jborean93 / AmsiProvider
  Test AMSI Provider implementation in C#
  ☆41Updated 6 months ago
• sidaf / moonshine
  ☆69Updated last year
• huntandhackett / PassiveAggression
  Source code and examples for PassiveAggression
  ☆61Updated last year
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 11 months ago
• bitsadmin / lofl
  Living Off the Foreign Land setup scripts
  ☆70Updated 3 months ago
• outflanknl / Training-MSOfficeOffensiveTradecraft
  Info related to the Outflank training: Microsoft Office Offensive Tradecraft
  ☆52Updated last year
• Phil0x4a / msuserstats
  msuserstats is a comprehensive Powershell tool to manage accounts from Microsoft Entra ID and Active Directory. It supports: a unified vi…
  ☆41Updated 3 months ago
• naksyn / talks
  Repo containing my public talks
  ☆23Updated 2 years ago
• Fitretech-Security / dylight
  macOS dylib stager
  ☆33Updated 5 months ago
• mlcsec / SharpGraphView
  Microsoft Graph API post-exploitation toolkit
  ☆94Updated 11 months ago
• ToweringDragoon / SACL_Scanner
  SACL Scanner is a tool designed to scan and analyze SACLs.
  ☆38Updated 4 months ago
• ACE-Responder / rpcfirewall-extended-telemetry
  ☆14Updated last year
• jonny-jhnson / PowerParse
  PowerShell PE Parser
  ☆63Updated 11 months ago
• kozmer / rspy
  rust port of pspy with support for process monitoring over dbus
  ☆28Updated last week
• NetSPI / silkwasm
  HTML Smuggling with Web Assembly
  ☆61Updated last year
• reecdeep / hollowise
  Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …
  ☆36Updated 4 months ago
• heartburn-dev / PKI-Escalate
  Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Serv…
  ☆25Updated last year
• morRubin / NegoExRelay
  ☆88Updated 2 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• jonny-jhnson / JonMon-Lite
  ☆39Updated 2 weeks ago
• ACE-Responder / ace-proctree
  Create a cool process tree like https://twitter.com/ACEResponder.
  ☆35Updated 2 years ago
• EvilBytecode / Lifetime-AmsiBypass
  Lifetime AMSI bypass.
  ☆35Updated 2 months ago