ETWProcessMon2 monitors Process, Thread, Memory, ImageLoad and TCP/IP activity via ETW, and adds detection for remote thread injection and for in-memory payloads using VirtualMemAlloc events, among other checks.
etw memory-scanning blueteam memory-scanner realtime-monitoring remote-thread-injection processmonitoring meterpreter-detection tcpip-monitoring thread-monitor imageloads malicious-traffic-detection detection-etw-events virtualmemallocation-detection memory-scanner-by-etw-events threat-hunting-via-etw threat-hunting-via-sysmon cobaltstrike-detection payload-detection technique-detection
Updated Mar 20, 2024 - C#