ETWProcessMon2
ETW monitor
A tool for monitoring and detecting malicious activity via ETW events
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
292 stars
10 watching
67 forks
Language: C#
last commit: 8 months ago blueteamcobaltstrike-detectiondetection-etw-eventsetwimageloadsmalicious-traffic-detectionmemory-scannermemory-scanner-by-etw-eventsmemory-scanningmeterpreter-detectionpayload-detectionprocessmonitoringrealtime-monitoringremote-thread-injectiontcpip-monitoringtechnique-detectionthread-monitorthreat-hunting-via-etwthreat-hunting-via-sysmonvirtualmemallocation-detection
Related projects:
| Repository | Description | Stars |
|---|---|---|
 catdad/electronmon | An Electron process monitor and watcher that restarts or reloads applications when files change. | 148 |
 eremit4/cs-discovery | Detects malicious servers in network traffic by analyzing encoded byte patterns | 20 |
 rew-sploit/rew-sploit | Analyzes and dissects malware and obfuscated code from various attack frameworks like Metasploit and Cobalt Strike | 139 |
 droe/xnumon | Monitors macOS systems for malicious activity by tracking process activity and system calls | 230 |
 papermtn/gitlab-watchman | Detects exposed secrets and personal data in GitLab repositories | 196 |
 3lp4tr0n/beaconhunter | A tool for detecting and responding to potential Cobalt Strike beacons using Extended Trace Record (ETW) tracing | 481 |
 alexmyczko/ruptime | A tool that provides remote system information and monitoring capabilities | 151 |
 shellster/dcsyncmonitor | Detects unauthorized Domain Controller synchronization attempts and logs alerts to the Windows Event Log. | 138 |
 dcso/fever | A fast and extensible system for processing JSON events from security monitoring tools | 50 |
 ion-storm/sysmon-config | A configuration package for advanced system monitoring using Sysmon, designed to detect and alert on various threat activities and provide forensic visibility. | 775 |
 eahlys/edmon | A tool for monitoring servers and services with real-time notification capabilities. | 8 |
 boku7/injectetwbypass | Tool to bypass ETW (Event Tracing for Windows) security measure in remote processes by injecting a custom syscall | 277 |
 shanek2/invtero.net | Analyzes and validates physical memory from various systems to extract process information and hypervisor details | 279 |
 etsy/411 | An application for managing alerts and scheduling searches against various data sources to detect anomalies in log lines, metrics, and system behavior. | 971 |
 getsentry/sentry-dotnet | A Sentry SDK for .NET that enables crash reporting and performance monitoring in C# applications. | 596 |