Computer forensic using autospy, wireshark, etc.
Updated Apr 19, 2023
Sysinternals Now is a utility to fetch Sysinternals utilities.
Analyzes the runtime file API call logs of a specific process to automatically detect errors in file API usage.
Python script to index SysInternals procmon CSV exports into elasticsearch
Batch Script that takes file objects and identifies file magic items and copies to current working directory. The script also uploads everything to VirusTotal.
A set of scripts developed with the aim of facilitating the deployment and updating of Zabbix Agents in large environments.
Gets you the available thread count, without caching; handy for systems and hot-plugging cpus; merged into Docker.
A python whois client that is intended to be a drop-in upgrade to the Windows sysinternals whois client with support for significantly more WHOIS formats and domains.
chocolatey baseline packages
Sysmon configuration file template from SwiftOnSecurity with a few PRs merged and install/updates scripts from threathunting.
See Your Trace Statements in Process Monitor!
Frontend for Handle viewer of Windows Sysinternals
Example in C of changing the current process PEB's address at runtime
Wixsharp based MSI installer for Sysmon and rules from the SwiftOnSecurity project
APC Injection is a code injection technique which bypasses TLS callback protections (Windows OS)
Small footprint executable triggering desktop background refreshes, helping to improve user experience and accessibility in VDI environments.
Development repository for the sysinternals cookbook