APC Injection is a code injection technique which bypasses TLS callback protections (Windows OS)
Updated May 17, 2024 - C++
Development repository for the sysinternals cookbook
Example in C of changing the current process PEB's address at runtime
A Linux version of the ProcDump Sysinternals tool
Various tools besides Msys2 that I've found useful to have available on Windows. Create an issue if you have anything you want to add, want some binaries updated, or think that some of them should be moved or removed.
Sysmon configuration file template with default high-quality event tracing
A set of scripts developed with the aim of facilitating the deployment and updating of Zabbix Agents in large environments.
Anti-Ransomware to mitigate and neutralize Ryuk Threat.
Advanced Sysmon ATT&CK configuration focused on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events.
AwesomeWallpaper plays videos, shows images and system info on your desktop wallpaper
Utilities for Sysmon
See Your Trace Statements in Process Monitor!
Code from process of reversing Sysinternals Suite for educational purposes, with videos to associate them
Chocolatey baseline packages
PowerShell
Python script to index SysInternals procmon CSV exports into elasticsearch
Computer forensics using Autopsy, Wireshark, etc.
Small footprint executable triggering desktop background refreshes, helping to improve user experience and accessibility in VDI environments.