Userland API monitor for threat hunting
☆58 · Mar 4, 2020 · Updated 6 years ago
Alternatives and similar repositories for Captain
Users that are interested in Captain are comparing it to the libraries listed below.
- Live hunting of code injection techniques ☆385 · Aug 22, 2019 · Updated 6 years ago
- C# Process Hollowing POC ☆18 · Jan 5, 2023 · Updated 3 years ago
- An ELK environment containing interesting security datasets. ☆136 · May 11, 2020 · Updated 5 years ago
- OSSEM Modular ☆27 · Jun 29, 2020 · Updated 5 years ago
- Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting. Can al… ☆15 · Aug 15, 2022 · Updated 3 years ago
- BackdoorMan is a toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination. ☆77 · Dec 13, 2022 · Updated 3 years ago
- A Canary which fires when uninstalled ☆34 · Mar 16, 2021 · Updated 5 years ago
- A program to detect reflective DLL injection on a live machine ☆76 · Dec 12, 2015 · Updated 10 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve ☆63 · Aug 21, 2024 · Updated last year
- This script runs a multithreading module that connects to a remote TCP server, monitors active (opened) Microsoft Word documents (.doc, .doc… ☆33 · Jul 24, 2020 · Updated 5 years ago
- A PowerShell script to prevent Sysmon from writing its events ☆17 · Apr 23, 2020 · Updated 5 years ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe ☆13 · Dec 11, 2023 · Updated 2 years ago
- ☆21 · Jan 28, 2020 · Updated 6 years ago
- SIEM Use Case Selection Methodology ☆17 · Sep 18, 2020 · Updated 5 years ago
- Kerberoast Detection Script ☆30 · Oct 31, 2024 · Updated last year
- Shellcode runner in Rust ☆34 · Oct 30, 2020 · Updated 5 years ago
- Collection of scripts and tools related to the eCTHPv2 exam by INE. ☆19 · Jun 12, 2022 · Updated 3 years ago
- Go Lang Portable Executable Parser ☆39 · Mar 31, 2021 · Updated 4 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly ☆59 · Apr 1, 2022 · Updated 3 years ago
- PowerShell script for hunting webshells on Microsoft Exchange Servers. ☆56 · Feb 1, 2017 · Updated 9 years ago
- (kinda) Malicious Outlook Reader ☆138 · Mar 3, 2021 · Updated 5 years ago
- PowerShell collection designed to assist in Threat Hunting Windows systems. ☆27 · Apr 13, 2018 · Updated 7 years ago
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… ☆40 · Apr 8, 2021 · Updated 4 years ago
- ☆12 · Feb 8, 2023 · Updated 3 years ago
- QuickSQL is a simple MSSQL query tool that allows you to connect to MSSQL databases and does not require administrative level rights to u… ☆103 · Apr 17, 2020 · Updated 5 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection ☆32 · Oct 7, 2020 · Updated 5 years ago
- Extendable payload obfuscation and delivery framework ☆146 · Nov 4, 2022 · Updated 3 years ago
- Red Team C2 and Post Exploitation code ☆36 · Mar 10, 2026 · Updated 2 weeks ago
- Burp Report Generator ☆11 · Mar 1, 2025 · Updated last year
- RDP Checker ☆64 · Feb 23, 2024 · Updated 2 years ago
- ☆112 · Jul 24, 2023 · Updated 2 years ago
- MSBuild without MSBuild.exe ☆135 · Dec 21, 2020 · Updated 5 years ago
- Converts Sigma detection rules to a Splunk alert configuration. ☆12 · Jul 1, 2021 · Updated 4 years ago
- Create a C++ PE which loads an XTEA-encrypted .NET PE shellcode in memory. ☆17 · Sep 29, 2018 · Updated 7 years ago
- Visual Studio (C++) Solution Template for Payloads ☆18 · Oct 30, 2019 · Updated 6 years ago
- Vulnerable Windows Driver with exploits which were used for demonstration purposes in the Hunting and exploiting bugs in kernel drivers prese… ☆13 · Jan 29, 2013 · Updated 13 years ago
- Resolvn Threat Hunting Virtual Machine ☆139 · Aug 16, 2019 · Updated 6 years ago
- Scripts to automate standing up apache2 with mod_rewrite in front of C2 servers. ☆47 · Feb 17, 2021 · Updated 5 years ago
- SEC599 supporting GitHub repository ☆16 · Sep 14, 2019 · Updated 6 years ago