Triaging Windows event logs based on SANS Poster
☆47Nov 22, 2025Updated 3 months ago
Alternatives and similar repositories for Evilize
Users that are interested in Evilize are comparing it to the libraries listed below
Sorting:
- Epimitheus is a tool that uses graphical database Neo4j for Windows Events visualization.☆19Mar 13, 2022Updated 3 years ago
- CVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege Escalation)☆18Dec 5, 2021Updated 4 years ago
- Library of threat hunts to get any user started!☆50Sep 4, 2020Updated 5 years ago
- Transform EQL detection rules to VQL artifacts☆12Nov 12, 2021Updated 4 years ago
- This repository contains zip archives of pcaps for our Wireshark tutorial about examining Emotet infection traffic. The password for any …☆25Jan 11, 2021Updated 5 years ago
- Kudzu is a Go C2 platform with an emphasis on extensibility.☆11Mar 30, 2021Updated 4 years ago
- Certipy in Docker☆13Mar 28, 2024Updated last year
- ☆13Feb 25, 2021Updated 5 years ago
- Threat hunting with Sysmon and ArangoDB Graphs☆12Apr 16, 2020Updated 5 years ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆158Nov 30, 2021Updated 4 years ago
- Some of my drawings☆12May 6, 2022Updated 3 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs☆15Sep 4, 2019Updated 6 years ago
- Command line & PPID spoofing☆29Apr 15, 2023Updated 2 years ago
- Simple Powershell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.☆32Oct 13, 2018Updated 7 years ago
- Bypass cobaltstrike beacon config scan☆84May 24, 2021Updated 4 years ago
- ☆15Jun 5, 2019Updated 6 years ago
- A lightweight C++/C AFF4 reader library☆14Feb 5, 2026Updated last month
- ☆15May 26, 2021Updated 4 years ago
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan☆17Sep 4, 2021Updated 4 years ago
- ☆14Apr 16, 2022Updated 3 years ago
- A document tagging library☆33Mar 27, 2025Updated 11 months ago
- ☆133Jul 14, 2021Updated 4 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- Privescker - make life easier by dumping all your common Windows enum, privesc and post exploitation scripts and tools on to the box in o…☆45Apr 4, 2022Updated 3 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Jul 18, 2024Updated last year
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Generic Signature Format for SIEM Systems☆18Jul 25, 2023Updated 2 years ago
- WAF测试工具---用例测试(增加result输出)☆13Mar 6, 2015Updated 11 years ago
- Shellcode library as a Go package☆70Nov 1, 2019Updated 6 years ago
- IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228☆16Dec 19, 2021Updated 4 years ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- Cheat-Sheet with events too look out for when analysing malicious Office documents☆19Oct 21, 2017Updated 8 years ago
- ☆14Oct 25, 2022Updated 3 years ago
- Threathunt details for the Solarwinds compromise☆33Jun 26, 2021Updated 4 years ago
- A tool for leveraging elevated acess over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into…☆16Nov 6, 2021Updated 4 years ago
- C-based Reverse Shell that uses CMD or PowerShell☆16Aug 15, 2020Updated 5 years ago
- Bypass UAC by abusing the Windows Defender Firewall Control Panel, environment variables, and shell protocol handlers☆18Jul 12, 2021Updated 4 years ago