Parse evtx files and detect use of the DanderSpritz eventlogedit module
☆151Dec 15, 2017Updated 8 years ago
Alternatives and similar repositories for danderspritz-evtx
Users that are interested in danderspritz-evtx are comparing it to the libraries listed below
Sorting:
- Publicly shareable windows event log message data☆28Nov 29, 2019Updated 6 years ago
- Various scrips☆12Oct 19, 2022Updated 3 years ago
- Remove individual lines from Windows XML Event Log (EVTX) files☆272Apr 17, 2021Updated 4 years ago
- Server for receiving autorun data from the clients☆13Sep 26, 2017Updated 8 years ago
- Library and tools to access the Windows XML Event Log (EVTX) format☆230Dec 15, 2025Updated 3 months ago
- Tools for parsing Forensic images☆41Dec 14, 2018Updated 7 years ago
- Python script to decode common encoded PowerShell scripts☆217Jun 13, 2018Updated 7 years ago
- ☆432May 3, 2023Updated 2 years ago
- Pure Python parser for Windows Event Log files (.evtx)☆767Jun 18, 2025Updated 9 months ago
- ☆152Jun 5, 2024Updated last year
- A modern Python-3-based alternative to RegRipper☆208Mar 31, 2025Updated 11 months ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Mar 12, 2019Updated 7 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆209Mar 12, 2025Updated last year
- Fix acquired .evt - Windows Event Log files (Forensics)☆18Mar 29, 2016Updated 9 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's s…☆105Jul 2, 2017Updated 8 years ago
- Trace ScriptBlock execution for powershell v2☆40Jan 14, 2020Updated 6 years ago
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆110Jan 26, 2021Updated 5 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis☆1,427Nov 16, 2023Updated 2 years ago
- YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack☆16Jan 6, 2021Updated 5 years ago
- ☆12Jun 29, 2021Updated 4 years ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆116Jan 8, 2025Updated last year
- Reconstruct process trees from event logs☆147Aug 12, 2020Updated 5 years ago
- Git for me to put all my forensics stuff☆23Sep 2, 2025Updated 6 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- A Windows Event Processing Utility☆47Feb 21, 2018Updated 8 years ago
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,137Oct 19, 2025Updated 5 months ago
- The goal of this project is to examine, reverse, and document the different modules available in the Equation Group's DanderSpritz post-e…☆335Jun 23, 2018Updated 7 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆119Nov 6, 2020Updated 5 years ago
- Registry Explorer bookmark definitions☆44Dec 19, 2024Updated last year
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- Binary commandline executable to parse ETL files☆69Jun 7, 2018Updated 7 years ago
- PowerShell Script to Dump Windows Credentials from the Credential Manager☆733Dec 12, 2017Updated 8 years ago
- Lazy Office Analyzer☆121Feb 15, 2017Updated 9 years ago
- Attacking and defending web and VPN session hijacking in Pulse Secure Connect☆14Oct 24, 2019Updated 6 years ago
- ☆309Aug 14, 2020Updated 5 years ago
- RDP Bitmap Cache parser☆638Jan 21, 2025Updated last year
- A fully functional DanderSpritz lab in 2 commands☆448May 16, 2019Updated 6 years ago
- ☆519Jan 26, 2021Updated 5 years ago