peasead / windows-sandbox-to-elastic
Rapidly building a Windows 10 system to use for dynamic malware analysis (sandbox), sending data to Elastic Cloud.
☆41Updated last year
Related projects ⓘ
Alternatives and complementary repositories for windows-sandbox-to-elastic
- Continuous kerberoast monitor☆43Updated last year
- The repository accompanying the Buer Emulation workshop☆23Updated 3 years ago
- C# User Simulation☆33Updated 2 years ago
- parsers to make life easier☆12Updated 4 years ago
- Repository for LNK stuff☆27Updated 2 years ago
- ☆15Updated 3 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps.☆23Updated last year
- Apfell implant written in C#.☆8Updated 3 years ago
- Forked and updated with some additional features over the original☆16Updated 3 years ago
- A list of IOCs applicable to PoshC2☆24Updated 4 years ago
- just manipulatin these here tokens yes sir nothing weird☆22Updated 2 years ago
- Defeating Anti-Debugging Techniques for Malware Analysis☆13Updated 2 years ago
- A collection of my presentation materials.☆16Updated 6 months ago
- Dump Lsass Memory Using a Reflective Dll☆14Updated 2 years ago
- AMSI detection PoC☆30Updated 4 years ago
- Apply a filter to the events being reported by windows event logging☆15Updated 4 years ago
- A Docker container used to easily compile Nim binaries generated by my tools (NimPackt and NimPlant)☆14Updated last year
- Scripts to automate standing up apache2 with mod_rewrite in front of C2 servers.☆46Updated 3 years ago
- Generate YARA rules for OOXML documents.☆37Updated last year
- Reproducible and extensible BloodHound playbooks☆42Updated 4 years ago
- Log converter from CS log to Ghostwriter CSV☆29Updated 3 years ago
- ☆13Updated 10 months ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Updated 2 years ago
- Firebase Domain Front Code☆21Updated 3 years ago
- pypykatz plugin for volatility3 framework☆31Updated 7 months ago
- A cloud automation system for Red Teams based on Terraform and Ansible☆24Updated 3 years ago
- USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is exec…☆19Updated 2 years ago
- ☆36Updated 3 years ago
- Links to malware-related YARA rules☆14Updated 2 years ago