Nedim Šabić²
Hi, I'm so happy I've found this package/library! Great work. I'm planning to sunset the [PE](https://github.com/rabbitstack/fibratus/tree/master/pkg/pe) introspection functionality I've initially built into Fibratus in favour of your package. I was...
A prominent use case for filaments is alert post-processing. This would allow any filament defining the `on_next_alert` function to react to alert arrival, either generated by the detection engine or...
Fibratus ships with an embedded Python interpreter which facilitates the loading of the Python standard library and interpreter in addition to eliminating the need for users to install the Python...
### Description Token information class supplied to the `GetTokenInformation` API calls permits consulting the process token impersonation details. More specifically, `TokenType` class indicates if the token is the primary/impersonated token....
### Description To get the list of privileges held by the process, we can use the `GetTokenInformation` API passing the `TokenPrivileges` token information class. After the list of available privileges...
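The two PR descriptions above both rely on reading a `GetTokenInformation` result buffer: the `TokenType` class yields a single `TOKEN_TYPE` value, and the `TokenPrivileges` class yields a `TOKEN_PRIVILEGES` structure (a `DWORD PrivilegeCount` followed by that many 12-byte `LUID_AND_ATTRIBUTES` entries). The following Go snippet is an added example, not Fibratus code, showing how those buffers are decoded and how the `SE_PRIVILEGE_ENABLED` attribute is checked. The Windows API call itself is omitted so the block runs anywhere; the input buffers are constructed inline, and the small LUID-to-name table is an assumed subset of the fixed privilege LUIDs from `winnt.h` (on Windows `LookupPrivilegeName` would resolve the names instead).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// TOKEN_TYPE enumeration values returned for the TokenType information class.
const (
	TokenPrimary       uint32 = 1
	TokenImpersonation uint32 = 2
)

// Attribute bits carried in LUID_AND_ATTRIBUTES.Attributes (winnt.h).
const (
	SePrivilegeEnabledByDefault uint32 = 0x00000001
	SePrivilegeEnabled          uint32 = 0x00000002
	SePrivilegeRemoved          uint32 = 0x00000004
	SePrivilegeUsedForAccess    uint32 = 0x80000000
)

// LUID mirrors the Windows LUID structure (LowPart, HighPart).
type LUID struct {
	LowPart  uint32
	HighPart int32
}

// Privilege is one decoded LUID_AND_ATTRIBUTES entry.
type Privilege struct {
	LUID       LUID
	Attributes uint32
}

// Enabled reports whether the privilege is currently enabled in the token.
func (p Privilege) Enabled() bool { return p.Attributes&SePrivilegeEnabled != 0 }

// privilegeNames is an assumed subset of the fixed LUID values from winnt.h.
var privilegeNames = map[LUID]string{
	{LowPart: 20}: "SeDebugPrivilege",
	{LowPart: 23}: "SeChangeNotifyPrivilege",
	{LowPart: 29}: "SeImpersonatePrivilege",
}

// DecodeTokenType interprets the buffer returned for the TokenType class.
func DecodeTokenType(buf []byte) (string, error) {
	if len(buf) < 4 {
		return "", errors.New("TokenType buffer too short")
	}
	switch v := binary.LittleEndian.Uint32(buf); v {
	case TokenPrimary:
		return "primary", nil
	case TokenImpersonation:
		return "impersonation", nil
	default:
		return "", fmt.Errorf("unknown TOKEN_TYPE value %d", v)
	}
}

// DecodeTokenPrivileges parses a TOKEN_PRIVILEGES buffer: a uint32 count
// followed by count entries of {LowPart uint32, HighPart int32, Attributes uint32}.
// The count is validated against the buffer length so a truncated or corrupt
// buffer cannot cause an out-of-bounds read.
func DecodeTokenPrivileges(buf []byte) ([]Privilege, error) {
	const hdr, entry = 4, 12
	if len(buf) < hdr {
		return nil, errors.New("TOKEN_PRIVILEGES buffer too short")
	}
	n := binary.LittleEndian.Uint32(buf)
	if uint64(len(buf)-hdr) < uint64(n)*entry {
		return nil, fmt.Errorf("PrivilegeCount %d exceeds buffer of %d bytes", n, len(buf))
	}
	privs := make([]Privilege, 0, n)
	for i := uint32(0); i < n; i++ {
		off := hdr + int(i)*entry
		privs = append(privs, Privilege{
			LUID: LUID{
				LowPart:  binary.LittleEndian.Uint32(buf[off:]),
				HighPart: int32(binary.LittleEndian.Uint32(buf[off+4:])),
			},
			Attributes: binary.LittleEndian.Uint32(buf[off+8:]),
		})
	}
	return privs, nil
}

// EnabledPrivileges returns the names of the privileges enabled in the token,
// falling back to the raw LUID for values outside the assumed name table.
func EnabledPrivileges(privs []Privilege) []string {
	var names []string
	for _, p := range privs {
		if !p.Enabled() {
			continue
		}
		name, ok := privilegeNames[p.LUID]
		if !ok {
			name = fmt.Sprintf("LUID(%d,%d)", p.LUID.HighPart, p.LUID.LowPart)
		}
		names = append(names, name)
	}
	return names
}

// SampleTokenPrivileges is a constructed buffer with three entries:
// SeChangeNotify (enabled by default and enabled), SeDebug (present but
// disabled) and SeImpersonate (enabled).
var SampleTokenPrivileges = []byte{
	3, 0, 0, 0,
	23, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0,
	20, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	29, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0,
}

func main() {
	typ, _ := DecodeTokenType([]byte{1, 0, 0, 0})
	privs, err := DecodeTokenPrivileges(SampleTokenPrivileges)
	if err != nil {
		fmt.Println("decode error:", err)
		return
	}
	fmt.Printf("token type: %s, %d privileges, enabled: %v\n", typ, len(privs), EnabledPrivileges(privs))
}
```

On a real Windows host the buffers would come from calling `GetTokenInformation` twice (once to learn the required size, once to fill it); the decoding and the bounds check against `PrivilegeCount` are the same, and SeDebugPrivilege being merely present but not enabled is the distinction a detection rule usually cares about.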
### Description Presently, the Yara scanner acts on process creation and image loading events to initiate the scan. For the former event types, the memory scan is performed on the...
Hi, You might consider adding [Fibratus](https://www.fibratus.io) to the arsenal of tools.
Hi, I'm researching UAC bypasses to come up with the respective detection tradecraft and UACME caught my attention. The `akagi` release binary was produced as indicated in one of the...
The systray component is an independent process that permits interaction with the notification area, mainly for sending balloon alerts when the rules are triggered. In the future, the use cases...
### What is the purpose of this PR / why it is needed? The process state marshaller stores the new `IsWow64`, `IsPackaged`, and `IsProtected` fields into the binary blob. ###...