Alternatives and similar repositories for tscopy:

Users that are interested in tscopy are comparing it to the libraries listed below

• mkorman90 / sysmon-config-bypass-finder
  Detect possible sysmon logging bypasses given a specific configuration
  ☆108Updated 6 years ago
• cobbr / InsecurePowerShell
  InsecurePowerShell is PowerShell with some security features removed.
  ☆104Updated 7 years ago
• BinaryDefense / YaraMemoryScanner
  Simple PowerShell script to enable process scanning with Yara.
  ☆93Updated 2 years ago
• jsecurity101 / Windows-API-To-Sysmon-Events
  A repository that maps API calls to Sysmon Event ID's.
  ☆118Updated 2 years ago
• kacos2000 / Evtx_Log_Browser
  Evtx Log (xml) Browser
  ☆56Updated 2 years ago
• OmerYa / Babel-Shellfish
  Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.
  ☆43Updated 6 years ago
• darkoperator / vscode-sysmon
  Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.
  ☆51Updated last year
• jschicht / SetMace
  Manipulate timestamps on NTFS
  ☆50Updated 10 years ago
• fireeye / BitsParser
  ☆146Updated 10 months ago
• slaughterjames / excelpeek
  ☆38Updated 3 years ago
• darmado / Atomic-Red-Team-C2
  ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabili…
  ☆173Updated 7 months ago
• S3cur3Th1sSh1t / Get-System-Techniques
  ☆94Updated 2 years ago
• mandiant / goauditparser
  ☆44Updated last year
• slyd0g / TimeStomper
  PoC that manipulates Windows file times using SetFileTime() API
  ☆60Updated 5 years ago
• DidierStevens / AdHoc
  AdHoc solutions
  ☆48Updated last year
• lawiet47 / autoresponder
  Carbon Black Response IR tool
  ☆53Updated 4 years ago
• airbus-cert / ntTraceControl
  Powershell Event Tracing Toolbox
  ☆75Updated 3 years ago
• trustedsec / SysWhispers
  AV/EDR evasion via direct system calls.
  ☆32Updated 4 years ago
• Rushyo / VindicateTool
  LLMNR/NBNS/mDNS Spoofing Detection Toolkit
  ☆59Updated 3 years ago
• splunk / melting-cobalt
  A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
  ☆165Updated 2 years ago
• agreenjay / sysmon
  A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data
  ☆39Updated 5 years ago
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆76Updated last year
• nasbench / C2-Matrix-Indicators
  This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix
  ☆72Updated 3 years ago
• theflakes / reg_hunter
  Blueteam operational triage registry hunting/forensic tool.
  ☆145Updated last year
• stairwell-inc / cobalt-strike-stager-parser
  ☆34Updated 2 years ago
• kacos2000 / Prefetch-Browser
  Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
  ☆61Updated 4 months ago
• jeffjbowie / Weaponry
  A collection of various tools for red-teaming exercises. A mix of C#, Powershell, & Python
  ☆106Updated 8 months ago
• jsecurity101 / Detecting-Process-Injection-Techniques
  This is a repository that is meant to hold detections for various process injection techniques.
  ☆34Updated 5 years ago
• GoSecure / DLLPasswordFilterImplant
  DLL Password Filter Implant with Exfiltration Capabilities
  ☆136Updated 5 years ago
• OTRF / Set-AuditRule
  Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
  ☆90Updated 3 years ago