zodiacon / DotNextSP2019
DotNext 2019 St. Petersburg Talk Demos
☆40Updated 5 years ago
Alternatives and similar repositories for DotNextSP2019:
Users that are interested in DotNextSP2019 are comparing it to the libraries listed below
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆35Updated 4 years ago
- ☆67Updated 2 years ago
- Demos and presentation from SECArmy Village Grayhat 2020☆38Updated 2 years ago
- API Set Viewer☆89Updated 3 months ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆53Updated 2 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection☆31Updated 4 years ago
- Blog posts☆30Updated 4 years ago
- A tool to create COM class/interface relationships in neo4j☆49Updated 2 years ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆35Updated 3 years ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication☆129Updated 8 years ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- ☆61Updated last year
- Bare template for a Kernel Mode Driver☆51Updated 5 years ago
- A C++ POC for process injection using NtCreateSectrion, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes…☆43Updated 3 years ago
- Winbindex bot to pull in binaries for specific releases☆47Updated last year
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …☆38Updated 2 years ago
- ReaCOM has got a lot of tools to use and is related to component object model☆74Updated 5 years ago
- Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj…☆41Updated 5 years ago
- ☆23Updated last year
- ☆22Updated 4 years ago
- Named pipe I/O ETW provider for Windows☆70Updated 4 years ago
- A simple API monitor for Windbg☆63Updated 8 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- A PowerShell module to assist in parsing and managing catalog files.☆21Updated 8 years ago
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.☆95Updated 7 years ago
- PE File Blessing - To continue or not to continue☆87Updated 5 years ago
- Rekall Memory Forensic Framework☆32Updated 5 years ago