mandiant / SilkETW
☆732Updated last year
Related projects ⓘ
Alternatives and complementary repositories for SilkETW
- PowerShell Obfuscation Detection Framework☆725Updated 11 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆417Updated 3 years ago
- View ETW Provider manifest☆432Updated 2 weeks ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆268Updated 6 months ago
- ☆482Updated 2 months ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆899Updated 11 months ago
- Tool Analysis Result Sheet☆345Updated 6 years ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆572Updated 6 months ago
- ☆417Updated last year
- Event Tracing For Windows (ETW) Resources☆349Updated last month
- PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monit…☆775Updated last year
- Live hunting of code injection techniques☆375Updated 5 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆417Updated 10 months ago
- Misc Threat Hunting Resources☆372Updated last year
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆596Updated last week
- Utilities for Sysmon☆1,489Updated 5 months ago
- Expriments☆442Updated last month
- A wireshark plugin to instrument ETW☆535Updated 2 years ago
- Repository of YARA rules made by Trellix ATR Team☆570Updated 11 months ago
- Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups☆704Updated last year
- C# based evtx parser with lots of extras☆282Updated 2 months ago
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into …☆775Updated last year
- An Active Defense and EDR software to empower Blue Teams☆1,239Updated last year
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆543Updated this week
- Detect and respond to Cobalt Strike beacons using ETW.☆481Updated 2 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆210Updated 5 years ago
- PowerShell Remote Download Cradle Generator & Obfuscator☆822Updated 6 years ago
- All sysmon event types and their fields explained☆537Updated 3 years ago
- A collection of red team and adversary emulation resources developed and released by MITRE.☆492Updated 3 years ago
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆289Updated 3 years ago