49 Open source projects that are alternatives of or similar to Shhmon

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.

Green-hat-suite is a tool to generate meterpreter/shell which could evade antivirus.

A repository of sysmon configuration modules

Python antivirus evasion tool

Identifies the bytes that Microsoft Defender flags on.

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

Utilities for Sysmon

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.

An Python Script For Generating Payloads that Bypasses All Antivirus so far .

Cloak can backdoor any python script with some tricks.

Enumerate and disable common sources of telemetry used by AV/EDR.

Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable

Generic Signature Format for SIEM Systems

A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams

Investigate suspicious activity by visualizing Sysmon's event log

InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.

Sysmon configuration file template with default high-quality event tracing

incident response scripts

Sysmon Splunk App

IPv4 and IPv6 address rate limiting evasion tool

Python AV Evasion Tools

Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.

Qt based replacement for gnome system monitor

Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.

Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Packer (actually a crypter) for antivirus evasion implemented for windows PE files (BSc-Thesis)

Pushes Sysmon Configs

JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.

transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Simple Windows Event Log Forwarder (SWELF). Its easy to use/simply works Log Forwarder and EVTX Parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Deploy and maintain Symon through the Splunk Deployment Sever

Unprotect is a python tool for parsing PE malware and extract evasion techniques.

Final project for the M.Sc. in Engineering in Computer Science at Università degli Studi di Roma "La Sapienza" (A.Y. 2016/2017).

C# code for Transferring Backdoor Payloads by ARP Traffic and Bypassing Anti-viruses (Slow)

Veil 3.1.X (Check version info in Veil at runtime)

C# code for Transferring Backdoor Payloads by DNS Traffic and Bypassing Anti-viruses

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

Automate the creation of a lab environment complete with security tooling and logging best practices

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Test Blue Team detections without running any attack.

WindowsSpyBlocker 🛡️ is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems.

Open Source EDR for Windows

Endpoint detection & Malware analysis software

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams