chentiangemalc / EtlToCap
EtlToCap
☆9Updated 4 years ago
Related projects ⓘ
Alternatives and complementary repositories for EtlToCap
- EventList - the Baseline Event Analyzer☆11Updated 5 years ago
- Generate RSA keys, encrypt and decrypt data☆24Updated 3 years ago
- ☆21Updated 8 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆30Updated 4 years ago
- A PowerShell module to assist in parsing and managing catalog files.☆20Updated 7 years ago
- PowerShell Over WMI☆17Updated 5 years ago
- Baseline Health Scripts☆10Updated 7 years ago
- MSTSC Packet Dump Utility☆27Updated 2 years ago
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- ComPower is a Windows PowerShell module to work with the Component Object Model (COM).☆27Updated 10 years ago
- PowerShell Module for the Antimalware Scan Interface (AMSI)☆25Updated 8 years ago
- Parse Microsoft shim databases☆29Updated 2 months ago
- Mount VSCs with ease!☆14Updated last year
- Windows registry samples☆23Updated 6 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Updated 4 years ago
- ☆16Updated 5 years ago
- A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions☆54Updated 8 years ago
- Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does…☆18Updated 2 months ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆60Updated 4 years ago
- Collection of scripts to Invoke an expression with different credentials.☆33Updated 3 years ago
- ☆27Updated last year
- Hyper-V virtual switch packet capturing extension with libpcap / Wireshark format☆12Updated 10 years ago
- Library for Windows XML Event Log (EVTX) data types☆17Updated last month
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆30Updated 8 months ago
- Looks up permissions within Active Directory on a target (OU or Computer) to determine access to LAPS attributes (ms-Mcs-AdmPwdExpiration…☆15Updated last year
- Analysis and manipulation of extended attribute ($EA) on NTFS☆39Updated 9 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆51Updated last year
- Windows Runtime API Interop Utilities for Windows PowerShell☆28Updated 4 years ago
- PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later☆20Updated 8 years ago