Log newly created WMI consumers and processes to the Windows Application event log
☆124Feb 28, 2018Updated 8 years ago
Alternatives and similar repositories for WMI_Monitor
Users that are interested in WMI_Monitor are comparing it to the libraries listed below
Sorting:
- ☆432May 3, 2023Updated 2 years ago
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Jun 20, 2016Updated 9 years ago
- A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions☆55Feb 23, 2016Updated 10 years ago
- Currently not updated for WMIEvent module...☆262Feb 23, 2016Updated 10 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…☆657Aug 19, 2019Updated 6 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆88Oct 6, 2017Updated 8 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.☆388Jun 25, 2024Updated last year
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …☆842Jun 25, 2024Updated last year
- ☆349Mar 19, 2021Updated 4 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.☆37Sep 19, 2017Updated 8 years ago
- PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted da…☆494Jul 29, 2017Updated 8 years ago
- Powershell Threat Hunting Module☆290Sep 21, 2016Updated 9 years ago
- ☆80Sep 27, 2015Updated 10 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆431Dec 22, 2023Updated 2 years ago
- UI used to manage Permanent WMI Event Consumers☆14Mar 21, 2015Updated 10 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Nov 17, 2020Updated 5 years ago
- A walkthrough of deploying and configuring a PowerShell Private Gallery to Azure via ARM Templates, DSC Configurations, and Visual Studio…☆12Mar 8, 2017Updated 8 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆168Dec 10, 2018Updated 7 years ago
- Pcaps for PeddleCheap and implant communication + script for interpreting and decrypting pcaps.☆17Nov 29, 2017Updated 8 years ago
- A fork of David B Heise's VirusTotal Powershell Module☆17Mar 14, 2022Updated 3 years ago
- Detects DLL hijacking in running processes on Windows systems☆156Apr 2, 2015Updated 10 years ago
- Tool to parse SRU database☆25Mar 1, 2018Updated 8 years ago
- ☆309Aug 14, 2020Updated 5 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files.☆214Mar 29, 2021Updated 4 years ago
- Module to provide PowerShell functions that abstract Win32 API functions☆250Jun 6, 2024Updated last year
- ☆53May 21, 2018Updated 7 years ago
- FCL (Fileless Command Lines) - Known command lines of fileless malicious executions☆477Apr 8, 2021Updated 4 years ago
- Automated, Collection, and Enrichment Platform☆324Nov 14, 2019Updated 6 years ago
- This repo contains Axis web shells☆18Jun 15, 2019Updated 6 years ago
- Powershell to read ETL file on an interval and convert it to an EVTX (so Windows Event Forwarding can 'subscribe')☆11May 16, 2017Updated 8 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆110Jan 26, 2021Updated 5 years ago
- Python script to decode common encoded PowerShell scripts☆217Jun 13, 2018Updated 7 years ago
- Utilities for Sysmon☆1,573Sep 21, 2025Updated 5 months ago
- Invoke-LiveResponse☆150Feb 22, 2022Updated 4 years ago
- Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at ht…☆24Jun 20, 2023Updated 2 years ago
- Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs☆730Jan 21, 2020Updated 6 years ago
- ☆52Apr 14, 2015Updated 10 years ago
- PowerShell Obfuscation Detection Framework☆750Dec 1, 2023Updated 2 years ago