Computer forensics using Autopsy, Wireshark, etc.
Updated Apr 19, 2023
Analyzes the runtime file API call log of a given process to automatically detect errors in how the file API is used.
Sysinternals Now is a utility to fetch Sysinternals utilities.
Batch script that takes file objects, identifies their type from the file magic, copies them to the current working directory, and uploads everything to VirusTotal.
A set of scripts developed with the aim of facilitating the deployment and updating of Zabbix Agents in large environments.
Python script to index Sysinternals Procmon CSV exports into Elasticsearch
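The Procmon-to-Elasticsearch idea above, as an added example that is not the listed script's code: it parses Procmon's default CSV export columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail), normalizes the Time of Day column into an ISO timestamp, splits the free-text Detail column into fields, tags each event with a coarse category, and emits an Elasticsearch `_bulk` NDJSON body. The sample CSV rows, the capture date, the index name `procmon` and the document field names are constructed assumptions.

```python
"""Parse a Process Monitor (Procmon) CSV export into Elasticsearch bulk documents.
Added example, not the indexing script listed on this page. Assumes Procmon's
default export columns; index name, capture date and sample rows are made up."""
import csv
import io
import json
import re
from datetime import date, datetime

# Constructed sample in Procmon's default CSV export layout (not real capture data).
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:42:01.1234567 AM","cmd.exe","4120","CreateFile","C:\\Windows\\System32\\cmd.exe","SUCCESS","Desired Access: Read Attributes"
"10:42:01.1250001 AM","rundll32.exe","5008","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\\Users\\Public\\up.dll"
"10:42:02.0000000 AM","svchost.exe","812","ReadFile","C:\\Windows\\System32\\drivers\\etc\\hosts","NAME NOT FOUND","Offset: 0, Length: 4,096"
'''
CAPTURE_DATE = date(2023, 4, 19)  # assumed; Procmon CSV carries only the time of day
INDEX_NAME = "procmon"            # hypothetical target index


def parse_time_of_day(value, capture_date):
    """Combine Procmon's 'HH:MM:SS.fffffff AM' with the capture date.
    Procmon writes 7 fractional digits; strptime's %f accepts at most 6, so truncate."""
    clock, meridiem = value.rsplit(" ", 1)
    hms, _, frac = clock.partition(".")
    frac = (frac + "000000")[:6]
    t = datetime.strptime(f"{hms}.{frac} {meridiem}", "%I:%M:%S.%f %p")
    return datetime.combine(capture_date, t.time()).isoformat(timespec="microseconds")


def parse_detail(detail):
    """Split 'Key: value, Key: value' into a dict. Values can contain commas
    (e.g. 'Length: 4,096'), so only split on ', ' that starts another 'Key: '."""
    fields = {}
    for item in re.split(r", (?=[A-Z][\w ]*: )", detail):
        key, sep, value = item.partition(": ")
        if sep:
            fields[key] = value
    return fields


def classify(operation):
    """Coarse event class from the Operation column, useful for filtering in Kibana."""
    if operation.startswith("Reg"):
        return "registry"
    if operation.startswith(("TCP", "UDP")):
        return "network"
    if operation.startswith(("Process", "Thread", "Load Image")):
        return "process"
    return "file"


def parse_procmon_csv(text, capture_date):
    """Turn the CSV text into a list of JSON-ready documents."""
    docs = []
    for row in csv.DictReader(io.StringIO(text)):
        docs.append({
            "@timestamp": parse_time_of_day(row["Time of Day"], capture_date),
            "process": {"name": row["Process Name"], "pid": int(row["PID"])},
            "operation": row["Operation"],
            "category": classify(row["Operation"]),
            "path": row["Path"],
            "result": row["Result"],
            "detail": parse_detail(row["Detail"]),
        })
    return docs


def to_bulk_payload(docs, index=INDEX_NAME):
    """Elasticsearch _bulk body: an action line then a source line per document,
    newline-delimited, and the API requires a trailing newline."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def autorun_writes(docs):
    """Quick hunt over the parsed events: registry writes under a Run key."""
    return [d for d in docs
            if d["operation"] == "RegSetValue" and "\\CurrentVersion\\Run" in d["path"]]


def build_sample_docs():
    return parse_procmon_csv(SAMPLE_CSV, CAPTURE_DATE)


if __name__ == "__main__":
    events = build_sample_docs()
    print(to_bulk_payload(events))
    for event in autorun_writes(events):
        print("autorun write:", event["process"]["name"], event["path"])
```

The payload is what you would POST to `/_bulk` with `Content-Type: application/x-ndjson`; the sending step is left out so the block runs offline. Splitting Detail into fields at ingest time is what makes the data queryable (for example filtering on `detail.Data` for registry writes) rather than a free-text blob.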
Gets you the available thread count, without caching; handy for systems with hot-plugged CPUs; merged into Docker.
A python whois client that is intended to be a drop-in upgrade to the Windows sysinternals whois client with support for significantly more WHOIS formats and domains.
Chocolatey baseline packages
Sysmon configuration file template from SwiftOnSecurity with a few PRs merged and install/updates scripts from threathunting.
See Your Trace Statements in Process Monitor!
Example in C of changing the current process PEB's address at runtime
Frontend for Handle viewer of Windows Sysinternals
WixSharp-based MSI installer for Sysmon and the rules from the SwiftOnSecurity project
Small footprint executable triggering desktop background refreshes, helping to improve user experience and accessibility in VDI environments.
APC Injection is a code injection technique which bypasses TLS callback protections (Windows OS)
Development repository for the sysinternals cookbook