Velocidex / go-ese
Go implementation of an Extensible Storage Engine parser
☆29 Updated 3 months ago
Alternatives and similar repositories for go-ese
Users that are interested in go-ese are comparing it to the libraries listed below
- ☆33 Updated 3 years ago
- a tiny program to consume from ETW providers for research ☆48 Updated 4 months ago
- Hunt for SQLite files used by various applications ☆26 Updated last week
- A golang implementation of a prefetch parser. ☆19 Updated 8 months ago
- A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, E… ☆19 Updated last week
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension. ☆52 Updated last year
- ☆45 Updated last year
- BloodHound Data Scanner ☆45 Updated 4 years ago
- Simple PowerShell script to enable process scanning with Yara. ☆93 Updated 2 years ago
- ☆34 Updated 2 years ago
- Windows Security Descriptor Definition Language (SDDL) parser and formatter ☆16 Updated 4 years ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office ☆35 Updated 2 years ago
- Windows registry samples ☆23 Updated 6 years ago
- THOR Thunderstorm Collectors ☆24 Updated 2 months ago
- AD Live changes viewer ☆36 Updated 2 years ago
- PowerShell script that abuses browser bookmark synchronization as a mechanism for sending and receiving data between systems. ☆16 Updated 2 years ago
- Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing ☆21 Updated 2 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log ☆31 Updated 2 years ago
- Indicators of Normality ☆12 Updated 2 years ago
- Utility to inject honey tokens into lsass. ☆28 Updated 8 years ago
- Go module that allows you to authenticate to Azure with a well known client ID using interactive logon and grab the token ☆26 Updated 2 years ago
- Threat Mitigation Strategies ☆25 Updated last year
- A list of IOCs applicable to PoshC2 ☆24 Updated 4 years ago
- Create a cool process tree like https://twitter.com/ACEResponder. ☆35 Updated 2 years ago
- C# User Simulation ☆32 Updated 2 years ago
- Parser for Windows PowerShell script block logs ☆13 Updated 5 months ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's ☆62 Updated 5 months ago
- Imphash-like calculation on Golang binaries ☆49 Updated 2 years ago
- Generate YARA rules for OOXML documents. ☆38 Updated 2 years ago
- Leghorn code for PKI abuse ☆32 Updated 3 years ago