https://github.com/damonmohammadbagher/etwprocessmon2

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

blueteam cobaltstrike-detection detection-etw-events etw imageloads malicious-traffic-detection memory-scanner memory-scanner-by-etw-events memory-scanning meterpreter-detection payload-detection processmonitoring realtime-monitoring remote-thread-injection tcpip-monitoring technique-detection thread-monitor threat-hunting-via-etw threat-hunting-via-sysmon virtualmemallocation-detection

Last synced: 06 Apr 2025