fox-it / danderspritz-evtxLinks
Parse evtx files and detect use of the DanderSpritz eventlogedit module
☆147Updated 7 years ago
Alternatives and similar repositories for danderspritz-evtx
Users that are interested in danderspritz-evtx are comparing it to the libraries listed below
Sorting:
- Allows you to quickly query a Windows machine for RAM artifacts☆220Updated 5 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- Python script to decode common encoded PowerShell scripts☆217Updated 7 years ago
- Reconstruct process trees from event logs☆147Updated 5 years ago
- ☆278Updated 2 years ago
- Page File analysis tools.☆128Updated 9 years ago
- ☆350Updated 4 years ago
- ☆427Updated 2 years ago
- PowerShell No Agent Hunting☆109Updated 7 years ago
- Malware Sinkhole List in various formats☆102Updated 3 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆119Updated 4 years ago
- Lazy Office Analyzer☆122Updated 8 years ago
- Cuckoo running in a nested hypervisor☆128Updated 5 years ago
- IR-Tools - PowerShell tools for IR☆130Updated 8 years ago
- PowerShell script for hunting webshells on Microsoft Exchange Servers.☆56Updated 8 years ago
- Python script for extracting USB information from Windows registry hives☆128Updated 6 years ago
- VolatilityBot – An automated memory analyzer for malware samples and memory dumps☆270Updated 4 years ago
- Autoruns plugin for the Volatility framework☆122Updated 6 years ago
- ☆135Updated 6 years ago
- ☆304Updated 5 years ago
- Comae Hibernation File Decompressor☆155Updated 2 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- snake - a malware storage zoo☆217Updated 2 years ago
- Detecting Lateral Movement with Machine Learning☆138Updated 7 years ago
- Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launche…☆263Updated 3 years ago
- Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)☆105Updated 4 years ago
- A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.☆172Updated 7 months ago
- Query and report user logons relations from MS Windows Security Events☆243Updated 7 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆120Updated last year
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆87Updated 8 years ago