bi-zone / etwLinks
Go library for ETW (Event Tracing for Windows) events processing
☆67Updated 3 years ago
Alternatives and similar repositories for etw
Users that are interested in etw are comparing it to the libraries listed below
Sorting:
- ☆38Updated 2 years ago
- Golang Parser for Microsoft Event Logs☆104Updated last month
- enpoint detection / live analysis & sandbox host / signatures quality test☆44Updated 4 years ago
- Signature engine for all your logs☆171Updated last year
- Cobalt Strike Beacon configuration extractor and parser.☆154Updated 3 years ago
- Golang parser for OLE files☆32Updated 4 months ago
- Golang library that implements a sigma log rule parser and match engine.☆95Updated last year
- Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"☆17Updated 5 months ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆125Updated 3 years ago
- Process Injection Techniques with Golang☆79Updated 5 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆172Updated last month
- Go implementation of an Extensible Storage Engine parser☆30Updated 5 months ago
- Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.☆61Updated 2 years ago
- A Go implementation and parser for Sigma rules.☆88Updated 2 months ago
- ☆165Updated 2 years ago
- A repository that maps API calls to Sysmon Event ID's.☆122Updated 2 years ago
- A Go implementation of JARM☆119Updated 3 years ago
- An NTFS file parser in Go☆70Updated 4 months ago
- Mainpulate, Steal and Modify Windows Tokens in Go☆74Updated 2 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆80Updated 2 months ago
- Alternative YARA scanning engine☆72Updated 2 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆64Updated 3 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- A list of JARM hashes for different ssl implementations used by some C2/red team tools.☆140Updated 2 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- Windows Task Scheduler Library for Go☆150Updated 2 months ago
- NTFS Master File Table (MFT) parser for Go.☆43Updated 11 months ago
- Simple PowerShell script to enable process scanning with Yara.☆95Updated 2 years ago
- A PoC package for hosting the CLR and executing .NET from Go☆225Updated 2 years ago