zacbrown / hiddentreasure-etw-demo
Basic demo for Hidden Treasure talk.
☆49, Nov 4, 2017, updated 8 years ago
Alternatives and similar repositories for hiddentreasure-etw-demo
Users interested in hiddentreasure-etw-demo are comparing it to the repositories listed below.
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations. (☆37, Sep 19, 2017, updated 8 years ago)
- Script for extracting DDE fields from docx and xlsx files (☆12, Dec 8, 2017, updated 8 years ago)
- CScriptShell, a PowerShell host running within cscript.exe (☆162, Apr 11, 2017, updated 8 years ago)
- Custom scripts released for BSidesDC 2016 (☆14, Oct 19, 2016, updated 9 years ago)
- An automated collection and analysis of malware from my honeypots. (☆25, Feb 8, 2018, updated 8 years ago)
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing. (☆103, Nov 17, 2020, updated 5 years ago)
- Finds sensitive material in your git repository by specifying terms to look for (☆31, Feb 16, 2018, updated 8 years ago)
- Python script to decode common encoded PowerShell scripts (☆217, Jun 13, 2018, updated 7 years ago)
- Misc PoCs for various research topics (☆21, Sep 28, 2022, updated 3 years ago)
- Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber (☆406, Dec 8, 2022, updated 3 years ago)
- Generates anti-sandbox analysis HTA files without payloads (☆120, Mar 16, 2017, updated 8 years ago)
- Attack Tree modeling sheet for Dia (☆20, Oct 9, 2018, updated 7 years ago)
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions. (☆750, Dec 15, 2025, updated 2 months ago)
- Server for receiving autorun data from the clients (☆13, Sep 26, 2017, updated 8 years ago)
- PowerShell Persistence Locator (☆66, Sep 11, 2016, updated 9 years ago)
- This repo is for WMIOps, a PowerShell script which uses WMI for various purposes across a network. (☆388, Jun 25, 2024, updated last year)
- Currently not updated for WMIEvent module... (☆262, Feb 23, 2016, updated 9 years ago)
- BlackHat Europe 2017 Slides (☆25, Feb 15, 2018, updated 8 years ago)
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook. (☆252, Jul 19, 2021, updated 4 years ago)
- PowerShell No Agent Hunting (☆111, Apr 23, 2018, updated 7 years ago)
- Slides and reference material from the Evading Autoruns presentation at DerbyCon 7 (September 2017) (☆106, Feb 10, 2021, updated 5 years ago)
- Burp Suite extension to perform Kerberos authentication (☆12, Jan 19, 2026, updated 3 weeks ago)
- Make it easier to find problem devices on your computer and find the corresponding driver. (☆11, Sep 18, 2018, updated 7 years ago)
- Simple Distributed IOC Scanner (☆12, Jul 27, 2015, updated 10 years ago)
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al… (☆657, Aug 19, 2019, updated 6 years ago)
- Query and report user logon relations from MS Windows Security Events (☆243, Aug 9, 2018, updated 7 years ago)
- CTF writeups (☆13, Jul 2, 2017, updated 8 years ago)
- Plugins for the Viper Framework (☆14, Sep 21, 2019, updated 6 years ago)
- Python-based module to find common vulnerabilities which lead to Windows privilege escalation (☆30, Sep 26, 2016, updated 9 years ago)
- CVE-2017-5689 Proof-of-Concept exploit (☆57, Jul 27, 2017, updated 8 years ago)
- IR-Tools - PowerShell tools for IR (☆130, Jul 10, 2017, updated 8 years ago)
- Rules shared by the community from 100 Days of YARA 2023 (☆18, Apr 10, 2023, updated 2 years ago)
- SSH Ranking system! :D (re-write of ssh-fail-watcher) (☆26, Dec 20, 2014, updated 11 years ago)
- Convert an IP into alternative / obfuscated versions of itself (☆14, Aug 13, 2022, updated 3 years ago)
- A library for integrating communication channels with the Cobalt Strike External C2 server (☆290, Nov 23, 2017, updated 8 years ago)
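Several entries above (PowerShellMethodAuditor, PowerKrabsEtw, KrabsETW, and the demo repo itself) are about consuming the Microsoft-Windows-PowerShell ETW provider. The following is an added example, not code from hiddentreasure-etw-demo or from any repository listed here: it uses only built-in Windows tooling (logman and Get-WinEvent) to enable that provider, capture a short trace to a file, and inventory which event IDs the provider actually emits, which is the first step before deciding what a real-time consumer should subscribe to. The session name PsEtwDemo and the path C:\Temp\psetw.etl are arbitrary assumptions.

```powershell
# Added example, not code from hiddentreasure-etw-demo or any repository listed above.
# Assumed/arbitrary values: the session name 'PsEtwDemo' and the output path C:\Temp\psetw.etl.
# Run from an elevated PowerShell prompt; creating an ETW session requires admin rights.
$Session  = 'PsEtwDemo'
$EtlPath  = 'C:\Temp\psetw.etl'
$Provider = 'Microsoft-Windows-PowerShell'

# Confirm the provider is registered and list the keywords it exposes.
# Narrowing the keyword mask is how trace volume is controlled; 0xFFFFFFFFFFFFFFFF enables all of them.
$meta = Get-WinEvent -ListProvider $Provider -ErrorAction Stop
$meta.Keywords | Format-Table Name, Value -AutoSize

New-Item -ItemType Directory -Path (Split-Path $EtlPath) -Force | Out-Null
if (Test-Path $EtlPath) { Remove-Item $EtlPath -Force }

# Start a trace session and enable the provider in it (all keywords, level 5 = verbose).
# -ets creates and starts the session immediately instead of defining a data collector set.
logman start $Session -p $Provider 0xFFFFFFFFFFFFFFFF 5 -o $EtlPath -ets | Out-Null

try {
    # Generate activity in a separate PowerShell process so the provider has something to emit.
    powershell.exe -NoProfile -Command 'Get-Process | Select-Object -First 3 | Out-Null'
    Start-Sleep -Seconds 2
}
finally {
    # Always tear the session down; an orphaned session keeps consuming kernel buffers.
    logman stop $Session -ets | Out-Null
}

# Read the trace back. -Oldest is required when the input is an .etl file.
$events = Get-WinEvent -Path $EtlPath -Oldest

# Which event IDs fired and how often: the inventory used to pick events for a real-time consumer.
$events | Group-Object Id | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# One decoded instance per event ID. Message comes from the provider manifest (if registered);
# Properties holds the raw payload fields in manifest order, which is what a custom parser would read.
$events | Group-Object Id | ForEach-Object {
    $e = $_.Group[0]
    [pscustomobject]@{
        Id      = $e.Id
        Task    = $e.TaskDisplayName
        Fields  = $e.Properties.Count
        Message = if ($e.Message) { ($e.Message -split "`n")[0] } else { '<no manifest message>' }
    }
} | Format-Table -AutoSize
```

This is file-based consumption; PowerKrabsEtw and KrabsETW instead open a real-time session and hand each EVENT_RECORD to a callback as it arrives, which is what a detection pipeline needs. The keyword and level you settle on here carry over unchanged to a real-time session, and the per-ID inventory tells you which payload fields (the Properties array) are worth parsing.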