Alternatives and similar repositories for WMI_Monitor

Users that are interested in WMI_Monitor are comparing it to the libraries listed below

• mandiant / flare-wmi

  View on GitHub
  ☆432May 3, 2023Updated 2 years ago
• matthewdunwoody / PS_logging_reg

  View on GitHub
  A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed
  ☆16Jun 20, 2016Updated 9 years ago
• Invoke-IR / WmiEvent

  View on GitHub
  A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions
  ☆55Feb 23, 2016Updated 9 years ago
• Invoke-IR / Uproot

  View on GitHub
  Currently not updated for WMIEvent module...
  ☆262Feb 23, 2016Updated 9 years ago
• mattifestation / CimSweep

  View on GitHub
  CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…
  ☆659Aug 19, 2019Updated 6 years ago
• darkquasar / WMI_Persistence

  View on GitHub
  A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
  ☆88Oct 6, 2017Updated 8 years ago
• RedSiege / WMIOps

  View on GitHub
  This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.
  ☆388Jun 25, 2024Updated last year
• RedSiege / WMImplant

  View on GitHub
  This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …
  ☆840Jun 25, 2024Updated last year
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆349Mar 19, 2021Updated 4 years ago
• zacbrown / PowerShellMethodAuditor

  View on GitHub
  PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.
  ☆37Sep 19, 2017Updated 8 years ago
• gfoss / PSRecon

  View on GitHub
  PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted da…
  ☆491Jul 29, 2017Updated 8 years ago
• Infocyte / PSHunt

  View on GitHub
  Powershell Threat Hunting Module
  ☆289Sep 21, 2016Updated 9 years ago
• jaredcatkinson / EvilNetConnectionWMIProvider

  View on GitHub
  ☆80Sep 27, 2015Updated 10 years ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• proxb / PoshEventUI

  View on GitHub
  UI used to manage Permanent WMI Event Consumers
  ☆14Mar 21, 2015Updated 10 years ago
• zacbrown / PowerKrabsEtw

  View on GitHub
  PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
  ☆103Nov 17, 2020Updated 5 years ago
• michaeltlombardi / PSPrivateGalleryWalkthrough

  View on GitHub
  A walkthrough of deploying and configuring a PowerShell Private Gallery to Azure via ARM Templates, DSC Configurations, and Visual Studio…
  ☆12Mar 8, 2017Updated 8 years ago
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆937Dec 12, 2023Updated 2 years ago
• MHaggis / hunt-detect-prevent

  View on GitHub
  Lists of sources and utilities utilized to hunt, detect and prevent evildoers.
  ☆168Dec 10, 2018Updated 7 years ago
• johnbergbom / PeddleCheap

  View on GitHub
  Pcaps for PeddleCheap and implant communication + script for interpreting and decrypting pcaps.
  ☆17Nov 29, 2017Updated 8 years ago
• davehull / VirusTotalShell

  View on GitHub
  A fork of David B Heise's VirusTotal Powershell Module
  ☆17Mar 14, 2022Updated 3 years ago
• devgc / SrumMonkey

  View on GitHub
  Tool to parse SRU database
  ☆25Mar 1, 2018Updated 7 years ago
• davidpany / WMI_Forensics

  View on GitHub
  ☆308Aug 14, 2020Updated 5 years ago
• darkoperator / Posh-Sysmon

  View on GitHub
  PowerShell module for creating and managing Sysinternals Sysmon config files.
  ☆214Mar 29, 2021Updated 4 years ago
• jaredcatkinson / PSReflect-Functions

  View on GitHub
  Module to provide PowerShell functions that abstract Win32 API functions
  ☆250Jun 6, 2024Updated last year
• dmb2168 / OAuthHunting

  View on GitHub
  ☆53May 21, 2018Updated 7 years ago
• chenerlich / FCL

  View on GitHub
  FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
  ☆477Apr 8, 2021Updated 4 years ago
• Invoke-IR / ACE

  View on GitHub
  Automated, Collection, and Enrichment Platform
  ☆324Nov 14, 2019Updated 6 years ago
• acalarch / ETL-to-EVTX

  View on GitHub
  Powershell to read ETL file on an interval and convert it to an EVTX (so Windows Event Forwarding can 'subscribe')
  ☆11May 16, 2017Updated 8 years ago
• incredibleindishell / axis_web_shell

  View on GitHub
  This repo contains Axis web shells
  ☆18Jun 15, 2019Updated 6 years ago
• williballenthin / python-sdb

  View on GitHub
  Pure Python parser for Application Compatibility Shim Databases (.sdb files)
  ☆110Jan 26, 2021Updated 5 years ago
• JohnLaTwC / PyPowerShellXray

  View on GitHub
  Python script to decode common encoded PowerShell scripts
  ☆217Jun 13, 2018Updated 7 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,569Sep 21, 2025Updated 4 months ago
• mgreen27 / Invoke-LiveResponse

  View on GitHub
  Invoke-LiveResponse
  ☆150Feb 22, 2022Updated 3 years ago
• praetorian-inc / purple-team-attack-automation

  View on GitHub
  Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
  ☆728Jan 21, 2020Updated 6 years ago
• ceramicskate0 / SWELF

  View on GitHub
  Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at ht…
  ☆24Jun 20, 2023Updated 2 years ago
• secabstraction / Create-WMIshell

  View on GitHub
  ☆52Apr 14, 2015Updated 10 years ago
• danielbohannon / Revoke-Obfuscation

  View on GitHub
  PowerShell Obfuscation Detection Framework
  ☆749Dec 1, 2023Updated 2 years ago
• FuzzySecurity / HackSysTeam-PSKernelPwn

  View on GitHub
  ☆142Apr 21, 2017Updated 8 years ago