jdu2600

@jdu2600

Canberra, Australia

Pinned Repositories

API-To-ETW
Uses ghidra to find all ETW write metadata for each API in a PE file
Language:Java101
CFG-FindHiddenShellcode
Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
Language:C++100 4 112
ETW-PPL-Tester
Consume Threat-Intelligence ETW using krabsetw and BYOVD
Language:C++20
Etw-SyscallMonitor
Monitors ETW for security relevant syscalls maintaining the set called by each unique process
Language:C#49 1 05
EtwExplorer
View ETW Provider manifest
Language:C#2 0 00
EtwTi-FluctuationMonitor
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
Language:C++95 3 010
Get-InjectedThreadEx
Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
Language:PowerShell27 2 04
PeNet
Portable Executable (PE) library written in .Net
Language:C#2 0 00
RpcRegistrationMonitor
Language:C#2 2 00
Windows10EtwEvents
Events from all manifest-based and mof-based ETW providers across Windows 10 versions
Language:C#268 11 056

jdu2600's Repositories

jdu2600/Windows10EtwEvents
Events from all manifest-based and mof-based ETW providers across Windows 10 versions
Language:C#268 11 056
jdu2600/CFG-FindHiddenShellcode
Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
Language:C++100 4 112
jdu2600/EtwTi-FluctuationMonitor
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
Language:C++95 3 010
jdu2600/Etw-SyscallMonitor
Monitors ETW for security relevant syscalls maintaining the set called by each unique process
Language:C#49 1 05
jdu2600/Get-InjectedThreadEx
Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
Language:PowerShell27 2 04
jdu2600/API-To-ETW
Uses ghidra to find all ETW write metadata for each API in a PE file
Language:Java101
jdu2600/ETW-PPL-Tester
Consume Threat-Intelligence ETW using krabsetw and BYOVD
Language:C++20
jdu2600/EtwExplorer
View ETW Provider manifest
Language:C#2 0 00
jdu2600/PeNet
Portable Executable (PE) library written in .Net
Language:C#2 0 00
jdu2600/RpcRegistrationMonitor
Language:C#2 2 00
jdu2600/krabsetw
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
Language:C++1 0 00
jdu2600/EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
Language:Python0 0 00
jdu2600/conference_talks
Slide decks from various conference and meetup talks.
jdu2600/Detours
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
Language:C++0 0
jdu2600/sigma
Generic Signature Format for SIEM Systems
Language:Python0 0

jdu2600

Pinned Repositories

API-To-ETW

CFG-FindHiddenShellcode

ETW-PPL-Tester

Etw-SyscallMonitor

EtwExplorer

EtwTi-FluctuationMonitor

Get-InjectedThreadEx

PeNet

RpcRegistrationMonitor

Windows10EtwEvents

jdu2600's Repositories

jdu2600/Windows10EtwEvents

jdu2600/CFG-FindHiddenShellcode

jdu2600/EtwTi-FluctuationMonitor

jdu2600/Etw-SyscallMonitor

jdu2600/Get-InjectedThreadEx

jdu2600/API-To-ETW

jdu2600/ETW-PPL-Tester

jdu2600/EtwExplorer

jdu2600/PeNet

jdu2600/RpcRegistrationMonitor

jdu2600/krabsetw

jdu2600/EDR-Telemetry

jdu2600/conference_talks

jdu2600/Detours

jdu2600/sigma