A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Configuration Logs (WBCL). To retrieve these logs you must be running at least Windows 8 with the TPM enabled.
☆69 · Jun 17, 2018 · Updated 7 years ago
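The description above says the tools retrieve and parse TCG measured boot logs. As an added example that is not part of TCGLogTools, the following Python parses the format those logs use and replays the PCR values they claim to describe. It assumes you already have the raw log bytes (on Windows these are the files under %SystemRoot%\Logs\MeasuredBoot; retrieving them is what TCGLogTools does and is not shown here). The record layouts (legacy TCG_PCClientPCREvent, the Spec ID Event header, TCG_PCR_EVENT2 with TPML_DIGEST_VALUES), the TPM_ALG_ID values and the event-type constants follow the TCG PC Client Platform Firmware Profile; the sample log, the HASH_OF_DATA set of event types checked against their data, and the starting value used for PCRs 17-22 are assumptions of this example.

```python
"""Parse a TCG PC Client measured-boot event log (a Windows WBCL) and replay
its PCRs.  Constructed example covering the legacy SHA1-only record layout
(TCG_PCClientPCREvent) and the crypto-agile one (Spec ID Event header +
TCG_PCR_EVENT2 records)."""
import hashlib
import struct
from dataclasses import dataclass, field

TPM_ALG = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
ALG_ID = {name: aid for aid, name in TPM_ALG.items()}
EV_NO_ACTION, EV_SEPARATOR, EV_S_CRTM_VERSION = 0x3, 0x4, 0x8
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001
SPEC_ID_SIGNATURE = b"Spec ID Event03\x00"
# Event types whose digest the profile defines as the hash of the event data (assumption).
HASH_OF_DATA = {EV_SEPARATOR, EV_S_CRTM_VERSION, EV_EFI_VARIABLE_DRIVER_CONFIG}

@dataclass
class Event:
    pcr: int
    event_type: int
    digests: dict = field(default_factory=dict)  # hashlib alg name -> digest
    data: bytes = b""

def _parse_spec_id(data):
    """TCG_EfiSpecIDEvent -> {alg_id: digest_size} declared by the firmware."""
    off = 16 + 4 + 4  # signature[16], platformClass, minor/major/errata/uintnSize
    (count,) = struct.unpack_from("<I", data, off)
    algs = struct.unpack_from("<%dH" % (2 * count), data, off + 4)
    return dict(zip(algs[0::2], algs[1::2]))

def parse_log(blob):
    """Return the Events in a raw log, legacy or crypto-agile."""
    pcr, etype = struct.unpack_from("<II", blob, 0)  # first record: legacy layout
    (size,) = struct.unpack_from("<I", blob, 28)
    data, off = blob[32:32 + size], 32 + size
    events = [Event(pcr, etype, {"sha1": blob[8:28]}, data)]
    agile = etype == EV_NO_ACTION and data.startswith(SPEC_ID_SIGNATURE)
    sizes = _parse_spec_id(data) if agile else None  # None: legacy-only log
    while off < len(blob):
        pcr, etype = struct.unpack_from("<II", blob, off)
        off, digests = off + 8, {}
        if sizes is None:
            digests["sha1"], off = blob[off:off + 20], off + 20
        else:  # TPML_DIGEST_VALUES: count, then (alg_id, digest) pairs
            (count,) = struct.unpack_from("<I", blob, off)
            off += 4
            for _ in range(count):
                (alg_id,) = struct.unpack_from("<H", blob, off)
                if alg_id not in sizes:
                    raise ValueError("alg %#06x not declared in Spec ID event" % alg_id)
                dlen, name = sizes[alg_id], TPM_ALG.get(alg_id, "alg_%04x" % alg_id)
                digests[name], off = blob[off + 2:off + 2 + dlen], off + 2 + dlen
        (size,) = struct.unpack_from("<I", blob, off)
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated event data at offset %d" % off)
        events.append(Event(pcr, etype, digests, blob[off:off + size]))
        off += size
    return events

def replay_pcrs(events, alg="sha256"):
    """Recompute PCRs: PCR = H(PCR || digest) for every event that was extended."""
    dlen, pcrs = hashlib.new(alg).digest_size, {}
    for ev in events:
        if ev.event_type == EV_NO_ACTION or alg not in ev.digests:
            continue  # EV_NO_ACTION is informational and never extended
        # Assumed start values: PCRs 17-22 all-ones until a DRTM resets them, others zero.
        init = (b"\xff" if 17 <= ev.pcr <= 22 else b"\x00") * dlen
        pcrs[ev.pcr] = hashlib.new(alg, pcrs.get(ev.pcr, init) + ev.digests[alg]).digest()
    return pcrs

def check_digests(events, alg="sha256"):
    """Indices of events whose recorded digest is not H(event data)."""
    return [i for i, ev in enumerate(events)
            if ev.event_type in HASH_OF_DATA and alg in ev.digests
            and hashlib.new(alg, ev.data).digest() != ev.digests[alg]]

# --- constructed sample log (not a real firmware capture) -------------------
def legacy_record(pcr, etype, digest, data):
    return struct.pack("<II", pcr, etype) + digest + struct.pack("<I", len(data)) + data

def event2_record(pcr, etype, data, algs=("sha1", "sha256")):
    digs = b"".join(struct.pack("<H", ALG_ID[a]) + hashlib.new(a, data).digest()
                    for a in algs)
    return (struct.pack("<II", pcr, etype) + struct.pack("<I", len(algs)) + digs
            + struct.pack("<I", len(data)) + data)

SPEC_ID = (SPEC_ID_SIGNATURE + struct.pack("<I", 0) + bytes([0, 2, 0, 2])  # v2.0, uintn=2
           + struct.pack("<I", 2) + struct.pack("<HH", 0x0004, 20)
           + struct.pack("<HH", 0x000B, 32) + b"\x00")  # vendorInfoSize = 0
SAMPLE_LOG = (legacy_record(0, EV_NO_ACTION, b"\x00" * 20, SPEC_ID)
              + event2_record(0, EV_S_CRTM_VERSION, "1.0".encode("utf-16-le") + b"\x00\x00")
              + event2_record(7, EV_EFI_VARIABLE_DRIVER_CONFIG, b"SecureBoot var (constructed)")
              + event2_record(0, EV_SEPARATOR, b"\x00\x00\x00\x00")
              + event2_record(7, EV_SEPARATOR, b"\x00\x00\x00\x00"))

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(check_digests(evs), {p: v.hex() for p, v in replay_pcrs(evs).items()})
```

The two checks a practitioner actually wants are separate: check_digests catches a log whose event data was edited after the fact (the recorded digest no longer matches the data), while replay_pcrs produces the values to compare against a TPM quote; a log that passes the first check but whose replayed PCRs disagree with the quote has been tampered with or truncated in a way the event data alone cannot show. The parser also refuses digests for algorithms the Spec ID header did not declare and event records that run past the end of the blob, both of which are the usual ways a corrupted or hostile log breaks a naive reader.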
Alternatives and similar repositories for TCGLogTools
Users that are interested in TCGLogTools are comparing it to the libraries listed below
- A PowerShell module to assist in parsing and managing catalog files. ☆22 · Jan 12, 2017 · Updated 9 years ago
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks. ☆101 · Jan 7, 2018 · Updated 8 years ago
- Fix acquired .evt Windows Event Log files (forensics). ☆18 · Mar 29, 2016 · Updated 9 years ago
- Sysmon configuration. ☆65 · Jul 12, 2018 · Updated 7 years ago
- Containerized IDA Pro (Windows/Wine). DEPRECATED, please use https://github.com/NyaMisty/docker-wine-ida ☆26 · Nov 23, 2017 · Updated 8 years ago
- Sysmon Tools for PowerShell. ☆233 · Aug 17, 2018 · Updated 7 years ago
- Defender for Endpoint. ☆28 · Jul 12, 2024 · Updated last year
- Telegram-based PowerShell Runspace Host. ☆11 · Dec 8, 2022 · Updated 3 years ago
- A Python API for the VMware Fusion CLI tools. ☆11 · Aug 2, 2021 · Updated 4 years ago
- Scripts for automating actions in Cobalt Strike. ☆11 · Jul 1, 2016 · Updated 9 years ago
- A library for fast parsing and import of the Windows Master File Table ($MFT) into Elasticsearch. ☆12 · Jun 23, 2025 · Updated 8 months ago
- All TMF files that I extracted from Microsoft PDBs. ☆14 · Jun 29, 2019 · Updated 6 years ago
- A JXA script for enumerating running processes, printed as a JSON parent-child tree. ☆14 · Jan 28, 2022 · Updated 4 years ago
- Invoke the CyberArk PARClient.exe utility with PowerShell. ☆12 · Feb 12, 2020 · Updated 6 years ago
- ☆13 · Apr 6, 2016 · Updated 9 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses. ☆115 · May 27, 2017 · Updated 8 years ago
- Just Another broken Registry Parser (JARP). ☆16 · May 23, 2024 · Updated last year
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, … ☆18 · Oct 7, 2016 · Updated 9 years ago
- Repository with selected IOCs and YARA rules for threat hunting. ☆35 · May 21, 2025 · Updated 9 months ago
- Custom scripts released for BSidesDC 2016. ☆14 · Oct 19, 2016 · Updated 9 years ago
- A library implementing a generic SQL-like query language. ☆21 · Sep 15, 2025 · Updated 5 months ago
- Materials from my Circle City Con talk: Fantastic OSINT (and where to find it). ☆23 · Jul 1, 2016 · Updated 9 years ago
- Autotuner for Windows 10 performance, privacy and security settings. ☆12 · Dec 4, 2018 · Updated 7 years ago
- Uses the WMI event Win32_ModuleLoadTrace to monitor module loading. Provides filters and detailed data. Has an option to monitor for CLR inj… ☆42 · May 9, 2019 · Updated 6 years ago
- Using undocumented NTDLL functions to read/write/delete files. ☆18 · Jan 25, 2021 · Updated 5 years ago
- Python bindings for https://github.com/omerbenamram/mft ☆23 · Dec 23, 2025 · Updated 2 months ago
- Splunk app for threat hunting. ☆15 · Nov 15, 2018 · Updated 7 years ago
- A Dockerized Ghidra Server. ☆15 · Jan 9, 2021 · Updated 5 years ago
- A PowerShell binding for the Unicorn Engine. ☆17 · Dec 27, 2015 · Updated 10 years ago
- ☆27 · Jul 13, 2025 · Updated 7 months ago
- MSIX App Attach repo. ☆25 · Sep 16, 2025 · Updated 5 months ago
- Google Filestream Forensic Tool. ☆22 · Mar 10, 2022 · Updated 4 years ago
- iknowthis Linux system call fuzzer. ☆20 · Apr 18, 2019 · Updated 6 years ago
- ☆19 · Sep 2, 2018 · Updated 7 years ago
- Placeholder for my detection repo and misc detection engineering content. ☆42 · Oct 20, 2023 · Updated 2 years ago
- Documentation site for Velociraptor. ☆67 · Updated this week
- PowerShell Tools for CyberArk. ☆19 · Dec 13, 2019 · Updated 6 years ago
- A PowerShell function that scans for the existence of a Sticky Keys backdoor. ☆24 · Aug 10, 2017 · Updated 8 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab. ☆22 · Apr 16, 2021 · Updated 4 years ago