DCSYNCMonitor
DC Synchronization Monitor
Detects unauthorized Domain Controller synchronization attempts and logs alerts to the Windows Event Log.
Monitors for DCSYNC and DCSHADOW attacks and creates custom Windows Events for them.
138 stars
7 watching
32 forks
Language: C
last commit: over 6 years ago

Related projects:
Repository | Description | Stars |
---|---|---|
dcso/slinkwatch | Automates Suricata monitoring interface configuration and detection thread allocation based on real-time network interface status changes. | 11 |
jpcertcc/sysmonsearch | Analyzes Sysmon event logs to detect suspicious activity and visualize process and network correlations. | 417 |
dcso/fever | A fast and extensible system for processing JSON events from security monitoring tools | 50 |
secureworks/dcept | A system for detecting and responding to potential insider threats in an Active Directory environment by monitoring for unauthorized logon attempts | 497 |
droe/xnumon | Monitors macOS systems for malicious activity by tracking process activity and system calls | 230 |
sans-blue-team/deepbluecli | A PowerShell module for analyzing Windows event logs to detect and respond to potential security threats. | 2,190 |
rexdf/commandtrayhost | A command-line program that monitors and controls the systray on Windows. | 397 |
sud0woodo/dcomrade | Automates enumeration of vulnerable DCOM applications to aid in lateral movement and exploitation testing | 254 |
whoopsmonitor/whoopsmonitor | Automated monitoring of application health using Docker containers and scheduled checks | 22 |
damonmohammadbagher/etwprocessmon2 | A tool for monitoring and detecting malicious activity via ETW events | 292 |
lausser/check_sstcam | A monitoring plugin for checking alarm directory updates from a SUN Storagetek Common Array Manager | 1 |
dwmkerr/mongo-monitor | A command-line tool to monitor the status of a MongoDB cluster in real-time. | 77 |
mosajjal/dnsmonster | A toolkit for monitoring and analyzing DNS traffic to help security teams understand an organization's DNS activity | 317 |
masonc15/wsl-notify-zsh | A plugin for zsh that uses another tool to notify users when long-running commands exceed a threshold. | 1 |
thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 240 |