bi-zone / etwLinks
Go library for ETW (Event Tracing for Windows) events processing
☆68Updated 3 years ago
Alternatives and similar repositories for etw
Users that are interested in etw are comparing it to the libraries listed below
Sorting:
- ☆42Updated 3 years ago
- Golang Parser for Microsoft Event Logs☆105Updated 3 months ago
- enpoint detection / live analysis & sandbox host / signatures quality test☆44Updated 4 years ago
- Signature engine for all your logs☆171Updated last year
- A Go implementation of JARM☆119Updated 3 years ago
- Go implementation of an Extensible Storage Engine parser☆31Updated 8 months ago
- A Go implementation and parser for Sigma rules.☆92Updated 5 months ago
- Golang library that implements a sigma log rule parser and match engine.☆100Updated last year
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆126Updated 3 years ago
- ☆166Updated 2 years ago
- Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.☆62Updated 2 years ago
- Cobalt Strike Beacon configuration extractor and parser.☆157Updated 4 years ago
- Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"☆17Updated 8 months ago
- Golang parser for OLE files☆32Updated 7 months ago
- An NTFS file parser in Go☆70Updated 7 months ago
- Fork of pkg/debug that adds some additional functionality.☆128Updated last year
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆180Updated 4 months ago
- Alternative YARA scanning engine☆72Updated 3 years ago
- Process Injection Techniques with Golang☆80Updated 5 years ago
- A repository that maps API calls to Sysmon Event ID's.☆122Updated 2 years ago
- gyp: A pure Go YARA parser☆106Updated last year
- Call virtual methods on C++ classes from Go without cgo.☆28Updated 4 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 6 years ago
- Collect autorun records from running system☆60Updated 3 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- A list of JARM hashes for different ssl implementations used by some C2/red team tools.☆144Updated 2 years ago
- A Portable Executable parser for Golang☆47Updated last week
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆66Updated 3 years ago
- Windows Task Scheduler Library for Go☆151Updated last month
- ☆254Updated last year