Windows Event Log Knowledge Base
☆31Dec 23, 2025Updated 2 months ago
Alternatives and similar repositories for winevt-kb
Users that are interested in winevt-kb are comparing it to the libraries listed below
Sorting:
- ReviveIT (revit) is a proof of concept file recovery tool (carver)☆13Dec 3, 2020Updated 5 years ago
- 参考taviso的代码逆向一下mpengine.dll☆20Jun 30, 2022Updated 3 years ago
- Library for Windows XML Event Log (EVTX) data types☆18Dec 17, 2025Updated 2 months ago
- Library and tools to access the Common Log File System (CLFS)☆25Dec 4, 2025Updated 3 months ago
- Primarily aimed at replicating files that cannot be directly copied due to being in use.☆11Apr 22, 2024Updated last year
- Dump macOS 1.8+ password hashes to a hashcat-compatible format☆14May 29, 2022Updated 3 years ago
- ☆29Jan 15, 2021Updated 5 years ago
- A utility to force query DNS over DoH off of CloudFlare API when DNS block is in place☆10Aug 26, 2018Updated 7 years ago
- Windows device tree walker☆15Sep 19, 2018Updated 7 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- Mimikatz embedded as classes☆28Oct 25, 2021Updated 4 years ago
- Library for Object Linking and Embedding (OLE) data types☆12Nov 27, 2025Updated 3 months ago
- Server for receiving autorun data from the clients☆13Sep 26, 2017Updated 8 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- An updated C# port of X-Ways X-Tensions API.☆11Mar 12, 2018Updated 7 years ago
- Duo MFA auditing tool to test users' likelihood of approving unexpected push notifications☆13Apr 20, 2018Updated 7 years ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Jul 13, 2023Updated 2 years ago
- Library and tools to access the Windows Hibernation File (hiberfil.sys) format☆13Dec 20, 2025Updated 2 months ago
- NTFS file system specimens☆13Jul 3, 2023Updated 2 years ago
- Windows Kernel Debugger over Network (Wireshark dissector and maybe more)☆29Jan 28, 2019Updated 7 years ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 4 months ago
- Sample evtx files to use for testing hayabusa detection rules☆65Nov 5, 2025Updated 4 months ago
- ☆30Jul 17, 2018Updated 7 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- Windows user mini-dump helper library to extract data from it.☆13May 17, 2025Updated 9 months ago
- Windows Registry Knowledge Base☆195Dec 23, 2025Updated 2 months ago
- ☆12Dec 15, 2016Updated 9 years ago
- Small scripts and POCs related to digital forensics☆18Nov 1, 2022Updated 3 years ago
- Library and tools to access the Windows SuperFetch database format☆13Nov 29, 2025Updated 3 months ago
- Microsoft Edge Microsoft Edge主页算法☆20Apr 15, 2019Updated 6 years ago
- An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.☆22Feb 21, 2026Updated last week
- A Golang Registry parser☆19Feb 3, 2025Updated last year
- Library and tools to access the Master Boot Record (MBR) volume system format☆14Dec 21, 2025Updated 2 months ago
- Windows Sandbox Framework☆40Dec 31, 2021Updated 4 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- A utility which enables the installation of macOS Virtual Machines on non-Apple certified VMware vSphere (ESXi), VMware Workstation/Playe…☆13Oct 5, 2018Updated 7 years ago
- Sabonis, a Digital Forensics and Incident Response pivoting tool☆19Mar 3, 2022Updated 4 years ago
- Library and tools to access the Windows Event Log (EVT) format☆60Dec 15, 2025Updated 2 months ago
- Using osquery for Mass Incident Detection & Response☆19Jun 25, 2016Updated 9 years ago