georgi-i / winevt_logs_analysisLinks
Searching .evtx logs for remote connections
☆24Updated 2 years ago
Alternatives and similar repositories for winevt_logs_analysis
Users that are interested in winevt_logs_analysis are comparing it to the libraries listed below
Sorting:
- CIS Benchmark testing of Windows SIEM configuration☆45Updated 2 years ago
- ☆55Updated 11 months ago
- CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"☆51Updated 3 years ago
- A project created with an aim to emulate and test exfiltration of data over different network protocols.☆31Updated 2 years ago
- Check for NotProxyShell CVE-2022-40140 & CVE-2022-41082☆26Updated 3 years ago
- Analyzing AD domains for security risks related to user accounts☆64Updated 3 years ago
- Perform Windows domain enumeration via LDAP☆37Updated 3 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆31Updated 3 years ago
- Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products.☆28Updated 2 years ago
- ☆18Updated last year
- Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them b…☆21Updated 3 months ago
- Red Teaming & Active Directory Cheat Sheet.☆41Updated 2 years ago
- Multi-threaded C2 framework built in Flask with keylogger - from the Offensive C# Course by Naga Sai Nikhil☆21Updated 3 years ago
- ☆53Updated 2 years ago
- Retrieve AD accounts description and search for password in it☆82Updated 3 years ago
- ☆43Updated 3 years ago
- A tool to exchange decryption keys for command and control (C2) beacons and implants through DNS records.☆39Updated 2 years ago
- RDP Checker☆65Updated last year
- A little implant which SSH's back with a shell☆38Updated 3 years ago
- Utility to analyse, ingest and push out credentials from common data sources during an internal penetration test.☆19Updated 3 years ago
- Building ActiveDirectory Lab for practicing various attack vectors used during Red Team engagement.☆38Updated 5 years ago
- ☆31Updated 3 years ago
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler.☆55Updated 4 years ago
- Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged p…☆49Updated 3 years ago
- Active DIrectory Lab for Pentesting Practice☆24Updated 3 years ago
- CLI Search for Security Operators of MITRE ATT&CK URLs☆16Updated 2 years ago
- Items related to the RedELK workshop given at security conferences☆29Updated 2 years ago
- basic proxy as an azure function serverless app☆18Updated 2 years ago
- Updated version of PowerDNS by @domchell. Adds support for transfers over DNS A records and a few other useful features.☆83Updated 2 years ago
- ☆14Updated 3 years ago