Stars
Sysmon configuration file template with default high-quality event tracing
Neo23x0 / sysmon-config
Forked from SwiftOnSecurity/sysmon-config
A list of JARM hashes for different SSL implementations used by some C2/red team tools.
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
An App Domain Manager Injection DLL PoC on steroids
Program for determining types of files for Windows, Linux and MacOS.
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
A resource containing all the tools each ransomware gang uses
BlockBlock provides continual protection by monitoring persistence locations.
This project aims to compare and evaluate the telemetry of various EDR products.
Execute ELF files without dropping them on disk
A quick way to check for the presence of dnSpy hooks in memory
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
An RFB proxy, written in Go, that can save and replay FBS files
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
Obfuscation library based on C++20 and metaprogramming