“WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager’s name space.” (official definition)