socjordi / sauronLinks
Windows Monitoring Agent (process creation + DLL loading monitor + network monitor + file system access monitor + etc)
☆62Updated 6 years ago
Alternatives and similar repositories for sauron
Users that are interested in sauron are comparing it to the libraries listed below
Sorting:
- A simple ransomware defender.It uses minifilter to filt "rewrite" and "delete" events in kernel.And it handles event in user mode.☆27Updated 7 years ago
- ☆29Updated 4 years ago
- Trace events in real time sessions☆45Updated 2 years ago
- Example of real-time Windows ETW packet capture session☆53Updated 8 years ago
- ☆33Updated 4 years ago
- Windows ndiscap.sys adapter for WinPcap applications☆27Updated 9 years ago
- Windows tool box library☆66Updated 7 years ago
- Open Source Libraries Collection☆24Updated 9 years ago
- HTTP/HTTPS/DNS inspector (windows driver)☆27Updated 6 years ago
- ☆18Updated 6 years ago
- A minifilter driver preserves all modified and deleted files.☆80Updated 10 years ago
- A stack and register based virtual machine which can compile and execute arbitrary code in runtime☆44Updated 5 months ago
- Simple AntiVirus Driver example☆38Updated 7 years ago
- A driver to intercept low level windows events☆63Updated 5 years ago
- A drop-in replacement for the C++ STL for kernel mode Windows drivers. The goal is to have implementations for things like the standard a…☆31Updated 9 years ago
- Windows file system minifilter driver which generates backup copies of certain files before they change☆48Updated 6 years ago
- View handles and object for each object type☆64Updated 5 years ago
- a sandbox project by sudami☆17Updated 7 years ago
- it can extract functions from .dll, .exe, .sys and it be work! :)☆38Updated 6 years ago
- An open source library for operating the Windows Overlay Filter driver.☆22Updated 6 years ago
- Static Library For Windows Drivers☆36Updated 6 months ago
- ☆25Updated 6 years ago
- Easy Transparent Encrypted File System Based on Minifilter File System Driver☆35Updated 6 months ago
- 在Windows上建立一个开源的强制访问控制框架及SDK。使Windows平台的应用开发者,可以不用关心操作系统底层技术,只用进行简单的SDK调用或配置就可以保护自己的应用程序。☆34Updated 9 years ago
- fork HoShiMin Avanguard☆21Updated 6 years ago
- Library for ETW, ProcessTracker sample based on ETW☆33Updated 8 years ago
- 小型主动防御引擎☆57Updated 9 years ago
- x64 Kernel Hooks Detection☆24Updated 8 years ago
- 粗暴地枚举管理内核的WFP对象。 Manage kernel WFPs in a brutal way.☆27Updated 7 years ago
- LCXL影子系统☆46Updated last year