mattifestation / TCGLogTools
A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Configuration Logs (WBCL). In order to retrieve these logs, you must be running at least Windows 8 with the TPM enabled.
☆54 Updated 6 years ago
Alternatives and similar repositories for TCGLogTools:
Users that are interested in TCGLogTools are comparing it to the libraries listed below
- A PowerShell module to assist in parsing and managing catalog files. ☆21 Updated 8 years ago
- Analysis and manipulation of extended attribute ($EA) on NTFS ☆38 Updated 9 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi… ☆60 Updated 4 years ago
- The TpmTool utility is a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, wi… ☆140 Updated 3 years ago
- All TMF files that I extracted from Microsoft PDBs. ☆12 Updated 5 years ago
- Blocks drivers from loading by using a name collision technique. #nsacyber ☆45 Updated 7 years ago
- Parse Microsoft shim databases ☆29 Updated last month
- Named pipe I/O ETW provider for Windows ☆69 Updated 4 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro… ☆151 Updated 4 years ago
- Event metadata collected across all manifest-based ETW providers on Windows 10 1903 ☆31 Updated 5 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … ☆30 Updated 4 years ago
- DotNext 2019 St. Petersburg Talk Demos ☆38 Updated 5 years ago
- A collection of free miscellaneous Windows tools ☆129 Updated 5 months ago
- Faster version of `symchk /om` for generating PDB manifests of offline machines ☆19 Updated 3 years ago
- AppContainer and LPAC (Less Privileged AppContainer) Launcher with Capabilities ☆58 Updated 4 months ago
- An IDA plugin to deal with Event Tracing for Windows (ETW) ☆52 Updated 2 years ago
- Windows registry samples ☆23 Updated 6 years ago
- BITS Transfers Manager ☆40 Updated 2 years ago
- ☆21 Updated 8 years ago
- A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project. ☆54 Updated 5 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses ☆115 Updated 7 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆62 Updated last year
- ☆16 Updated last month
- Extension blocks as found in ShellBags and other places in the Registry ☆24 Updated last month
- Extract and parse WEVT_TEMPLATEs from PE files ☆18 Updated last year
- Library and tools to access the Windows Prefetch File (SCCA) format. ☆72 Updated last month
- Scripts to prepare Windows system for debugging. ☆30 Updated 4 years ago
- Windows Process Lockdown Tool using Job Objects ☆69 Updated 11 years ago
- A PowerShell binding for the Unicorn Engine ☆17 Updated 9 years ago
- WNF Utilities 4 Newbies (WNFUN) ☆93 Updated 6 years ago