logpresso / community
Logpresso Mini and community contents for incident response
☆15 · Updated 2 years ago
Related projects:
- Some portable tools, some YARA, some Python, and a little bit of love. Not all of these tools can be used in incident response. Use PEs… ☆33 · Updated 9 months ago
- Takes the original idea of NetCease and adds functionality ☆24 · Updated 2 years ago
- Threat Mitigation Strategies ☆23 · Updated last year
- Evtx Log (XML) Browser ☆54 · Updated last year
- Cmdlets for capturing Windows Events ☆12 · Updated 2 years ago
- Collection of scripts and utilities for Windows event hunting ☆16 · Updated 4 years ago
- Visual Studio Code extension for Microsoft Sysinternals Sysmon configuration files ☆50 · Updated last year
- A repository containing the research output from my GCFE Gold Paper, which compared Windows 10 and Windows 11. ☆24 · Updated 2 years ago
- Notebooks created to attack and secure Active Directory environments ☆27 · Updated 4 years ago
- YARA rules written by me, for free use. ☆17 · Updated 2 years ago
- A collection of threat intelligence data such as IOCs, YARA rules and Snort/Suricata rules. ☆10 · Updated 5 years ago
- Automatically generated Sysmon parser for Azure Sentinel ☆14 · Updated this week
- Random PowerShell scripts ☆16 · Updated 3 years ago
- Decloak Linux stealth rootkits that hide data, using this simple memory-mapped I/O investigation tool. ☆21 · Updated last year
- A set of tools for collecting forensic information ☆24 · Updated 4 years ago
- SQL scripts for querying event logs ☆21 · Updated 7 years ago
- Indicator of Compromise scanner for CVE-2019-19781 ☆92 · Updated 4 years ago
- Repository containing malware analysis filters for the Windows Sysinternals Process Monitor tool ☆13 · Updated 3 years ago
- Windows 10 live information viewer ☆33 · Updated 2 years ago
- Parser for Sdba memory pool tags ☆17 · Updated 3 years ago
- This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode ☆22 · Updated 2 months ago
- Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at ht… ☆24 · Updated last year
- Lets you write arbitrary registry entries to Group Policy-related .pol files (e.g. registry.pol) ☆11 · Updated 5 years ago
- A Microsoft Windows service that provides telemetry on Windows executable memory page changes to facilitate threat detection ☆28 · Updated 3 years ago
- Indicators of Normality ☆12 · Updated 2 years ago
- Renamed to Free EDR to avoid confusion with Comodo's project ☆22 · Updated last year
- ARDvark parses Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings. ☆34 · Updated last year