pathtofile / Sealighter
Sysmon-Like research tool for ETW
☆349Updated 2 years ago
Alternatives and similar repositories for Sealighter:
Users that are interested in Sealighter are comparing it to the libraries listed below
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆271Updated 4 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆171Updated 2 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆295Updated 11 months ago
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆109Updated 4 years ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆301Updated last year
- ☆295Updated 3 years ago
- View ETW Provider manifest☆478Updated 5 months ago
- Run Processes as PPL with ELAM☆160Updated 3 years ago
- Event Tracing For Windows (ETW) Resources☆375Updated 6 months ago
- Expriments☆454Updated 6 months ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆187Updated 3 years ago
- Security product hook detection☆318Updated 4 years ago
- ☆245Updated 11 months ago
- RPC Monitor tool based on Event Tracing for Windows☆346Updated 8 months ago
- Exploring RPC interfaces on Windows☆321Updated last year
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆175Updated this week
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆329Updated 2 years ago
- ☆215Updated 2 years ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows☆207Updated 2 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆558Updated 2 years ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆323Updated last year
- Yet another variant of Process Hollowing☆391Updated 3 months ago
- Extract Windows Defender database from vdm files and unpack it☆440Updated 5 years ago
- A DTrace on Windows Reimplementation☆343Updated 2 months ago
- Tools and PoCs for Windows syscall investigation.☆359Updated 3 months ago
- Document ETW providers☆228Updated 5 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- Some Code Samples for Windows based Inter-Process-Communication (IPC)☆172Updated last year
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆165Updated last month
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆740Updated last year