bi-zone / etwLinks
Go library for ETW (Event Tracing for Windows) events processing
☆68Updated 3 years ago
Alternatives and similar repositories for etw
Users that are interested in etw are comparing it to the libraries listed below
Sorting:
- ☆39Updated 2 years ago
- Golang Parser for Microsoft Event Logs☆104Updated last month
- enpoint detection / live analysis & sandbox host / signatures quality test☆44Updated 4 years ago
- Signature engine for all your logs☆171Updated last year
- Go implementation of an Extensible Storage Engine parser☆30Updated 6 months ago
- Golang parser for OLE files☆32Updated 5 months ago
- A Go implementation and parser for Sigma rules.☆90Updated 3 months ago
- Golang library that implements a sigma log rule parser and match engine.☆98Updated last year
- ☆166Updated 2 years ago
- An NTFS file parser in Go☆70Updated 5 months ago
- Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.☆61Updated 2 years ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆125Updated 3 years ago
- A Go implementation of JARM☆119Updated 3 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆216Updated 5 years ago
- Cobalt Strike Beacon configuration extractor and parser.☆155Updated 3 years ago
- Alternative YARA scanning engine☆72Updated 2 years ago
- Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"☆17Updated 6 months ago
- A repository that maps API calls to Sysmon Event ID's.☆122Updated 2 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆174Updated last month
- Call virtual methods on C++ classes from Go without cgo.☆26Updated 4 years ago
- Fork of pkg/debug that adds some additional functionality.☆127Updated last year
- A Portable Executable parser for Golang☆47Updated 7 months ago
- Process Injection Techniques with Golang☆79Updated 5 years ago
- Mainpulate, Steal and Modify Windows Tokens in Go☆74Updated 2 years ago
- APIs for generating STIX 2.1 and TAXII 2.1 messages with Go (Golang)☆54Updated 8 months ago
- Python script for parsing ESET (NOD32) virlog.dat file.☆15Updated 7 years ago
- Collect autorun records from running system☆60Updated 3 years ago
- A guide on how to write fast and memory friendly YARA rules☆151Updated 6 months ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆64Updated 3 years ago
- gyp: A pure Go YARA parser☆106Updated last year