lordsaibat / finding_windows_privilegesLinks
Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compromise if not evaluated. Privileges can override permission causing a gap of perceived effective permission.
☆10Updated 7 years ago
Alternatives and similar repositories for finding_windows_privileges
Users that are interested in finding_windows_privileges are comparing it to the libraries listed below
Sorting:
- OSSEM Modular☆27Updated 5 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆53Updated 2 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆110Updated 6 years ago
- Trace ScriptBlock execution for powershell v2☆41Updated 5 years ago
- ☆52Updated 7 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Updated 5 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 7 years ago
- Set of ultra technical notes about AD☆18Updated 7 years ago
- Automated forensics written in PowerShell☆34Updated 6 years ago
- PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting☆23Updated 6 years ago
- A simple utility to check the status of and/or disable SMBv1 on Windows system via Cb Response's Live Response functionality.☆15Updated 6 years ago
- Get all AD objects which are hidden from you☆18Updated 8 years ago
- Threat Mitigation Strategies☆26Updated 3 months ago
- ☆18Updated 6 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.☆38Updated 8 years ago
- BloodHound Data Scanner☆45Updated 5 years ago
- Crack your macros like the math pros.☆33Updated 8 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆62Updated last year
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Updated 9 years ago
- Test if an antivirus is installed via the resolution of the service virtual SID☆56Updated 5 years ago
- A PowerShell script to parse the docx/docm file format and update the template location.☆17Updated 6 years ago
- Obtains a list of GPOs based on known Client Side Extensions (CSE) that normally contain passwords☆33Updated 6 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data☆39Updated 5 years ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆22Updated 7 years ago
- Repository for all cbapi example scripts☆16Updated 7 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 6 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Updated 8 years ago
- ☆33Updated last year
- incident response scripts☆19Updated 6 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago