pathtofile / Sealighter
Sysmon-Like research tool for ETW
☆327Updated last year
Related projects: ⓘ
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆247Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆261Updated 4 months ago
- Security product hook detection☆305Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆157Updated last year
- ☆214Updated 4 months ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆289Updated 6 months ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows☆194Updated 2 years ago
- ☆288Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆180Updated 2 years ago
- Exploring RPC interfaces on Windows☆257Updated 7 months ago
- Event Tracing For Windows (ETW) Resources☆342Updated 10 months ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…☆334Updated this week
- RPC Monitor tool based on Event Tracing for Windows☆324Updated last month
- Expriments☆438Updated 4 months ago
- View ETW Provider manifest☆413Updated 7 months ago
- ☆204Updated 2 years ago
- ☆150Updated 4 months ago
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆314Updated 2 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆537Updated last year
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆203Updated 2 months ago
- ☆154Updated last month
- Aims to identify sleeping beacons☆461Updated 3 months ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆157Updated 2 months ago
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆86Updated 3 years ago
- ☆206Updated last year
- ☆457Updated last week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆659Updated 6 months ago
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls☆327Updated 2 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆338Updated 2 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆114Updated 2 years ago