lordsaibat / finding_windows_privilegesLinks
Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compromise if not evaluated. Privileges can override permission causing a gap of perceived effective permission.
☆10Updated 7 years ago
Alternatives and similar repositories for finding_windows_privileges
Users that are interested in finding_windows_privileges are comparing it to the libraries listed below
Sorting:
- OSSEM Modular☆27Updated 5 years ago
- Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.☆54Updated 2 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Updated 5 years ago
- Detect possible sysmon logging bypasses given a specific configuration☆110Updated 7 years ago
- ☆52Updated 7 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.☆38Updated 8 years ago
- ☆18Updated 6 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 7 years ago
- Event metadata collected across all manifest-based ETW providers on Window 10 1903☆31Updated 6 years ago
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Updated 9 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆63Updated 2 years ago
- Get all AD objects which are hidden from you☆18Updated 8 years ago
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data☆39Updated 5 years ago
- Automated forensics written in PowerShell☆34Updated 6 years ago
- BloodHound Data Scanner☆45Updated 5 years ago
- Splunk App to assist Sysmon Threat Hunting☆38Updated 8 years ago
- Set of ultra technical notes about AD☆18Updated 7 years ago
- Obtains a list of GPOs based on known Client Side Extensions (CSE) that normally contain passwords☆33Updated 6 years ago
- Presentation Slides☆26Updated 6 years ago
- A collection of hunting and blue team scripts. Mostly others, some my own.☆38Updated 3 years ago
- A PowerShell script to parse the docx/docm file format and update the template location.☆17Updated 6 years ago
- PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting☆23Updated 6 years ago
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data☆13Updated 6 years ago
- Threat Mitigation Strategies☆26Updated 4 months ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆22Updated 7 years ago
- Win32 utility for auditing TCP connections☆56Updated 5 years ago
- A collection of searches, interesting events and tables on Crowdstrike Splunk.☆30Updated 4 years ago
- Microsoft Flow Attack Framework☆23Updated 6 years ago
- Repository for my ATT&CK analysis research.☆70Updated 6 years ago