lordsaibat / finding_windows_privilegesLinks
Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compromise if not evaluated. Privileges can override permission causing a gap of perceived effective permission.
☆10Updated 7 years ago
Alternatives and similar repositories for finding_windows_privileges
Users that are interested in finding_windows_privileges are comparing it to the libraries listed below
Sorting:
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆53Updated 2 years ago
- OSSEM Modular☆27Updated 5 years ago
- ☆52Updated 6 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Updated 4 years ago
- Set of ultra technical notes about AD☆18Updated 7 years ago
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Updated 9 years ago
- Automated forensics written in PowerShell☆34Updated 5 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.☆38Updated 7 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆111Updated 6 years ago
- A simple utility to check the status of and/or disable SMBv1 on Windows system via Cb Response's Live Response functionality.☆15Updated 6 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 6 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- BloodHound Data Scanner☆45Updated 5 years ago
- ☆32Updated 9 months ago
- Get all AD objects which are hidden from you☆18Updated 8 years ago
- A collection of searches, interesting events and tables on Crowdstrike Splunk.☆29Updated 4 years ago
- PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting☆23Updated 5 years ago
- Obtains a list of GPOs based on known Client Side Extensions (CSE) that normally contain passwords☆33Updated 6 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Updated 8 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆62Updated last year
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data☆39Updated 5 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 5 years ago
- Threat Mitigation Strategies☆25Updated 2 weeks ago
- PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpo…☆51Updated 6 years ago
- ☆18Updated 6 years ago
- Set of utilities for getting information about Windows Events☆15Updated 7 years ago
- gpocheck☆30Updated last year
- Repository for all cbapi example scripts☆16Updated 6 years ago
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data☆13Updated 6 years ago
- Test if an antivirus is installed via the resolution of the service virtual SID☆56Updated 5 years ago