mattifestation / TCGLogTools
A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Configuration Logs (WBCL). In order to retrieve these logs, you must be running at least Windows 8 with the TPM enabled.
☆54 · Updated 6 years ago
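For readers who want to see what "parsing" a WBCL involves, the following is an added example (it is not code from TCGLogTools or from any project listed below). It parses a crypto-agile TCG 2.0 event log as laid out by the TCG PC Client Platform Firmware Profile: the SHA1-format `TCG_PCR_EVENT` header carrying `TCG_EfiSpecIdEvent` (which announces the digest algorithms and sizes), followed by `TCG_PCR_EVENT2` records. It then replays the PCR extends per algorithm and checks, for event types whose digest is simply the hash of the event data (`EV_SEPARATOR`, `EV_EFI_ACTION`), that digest and data agree. The log bytes are constructed inline; the `%SystemRoot%\Logs\MeasuredBoot` path mentioned in the comments is where Windows writes these logs, but nothing here reads from disk.

```python
"""Parse a TCG 2.0 crypto-agile measured boot event log (the format Windows stores as a
WBCL under %SystemRoot%\\Logs\\MeasuredBoot) and replay the PCRs.
Added example, not TCGLogTools code. The sample log built below is constructed."""
import hashlib
import struct

# TPM 2.0 algorithm IDs -> hashlib names
TPM_ALG = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
EV_NO_ACTION, EV_SEPARATOR, EV_EFI_ACTION = 0x3, 0x4, 0x80000007
# Event types whose digest is defined as the hash of the event data itself
HASHED_DATA_TYPES = {EV_SEPARATOR, EV_EFI_ACTION}


def parse_spec_id_event(buf):
    """Parse the first record (SHA1-format TCG_PCR_EVENT wrapping TCG_EfiSpecIdEvent).
    Returns ({alg_id: digest_size}, offset of the first TCG_PCR_EVENT2)."""
    pcr, etype, digest, size = struct.unpack_from("<II20sI", buf, 0)
    if pcr != 0 or etype != EV_NO_ACTION or digest != b"\0" * 20:
        raise ValueError("first event is not an EV_NO_ACTION with a zero SHA1 digest")
    ev = buf[32:32 + size]
    if ev[:16] != b"Spec ID Event03\0":
        raise ValueError("missing 'Spec ID Event03' signature")
    # signature[16] platformClass[4] minor[1] major[1] errata[1] uintnSize[1] numberOfAlgorithms[4]
    n_algs = struct.unpack_from("<I", ev, 24)[0]
    sizes, off = {}, 28
    for _ in range(n_algs):
        alg, dsz = struct.unpack_from("<HH", ev, off)
        sizes[alg] = dsz
        off += 4
    return sizes, 32 + size


def parse_events(buf):
    """Return (digest sizes, list of TCG_PCR_EVENT2 records after the spec ID header)."""
    sizes, off = parse_spec_id_event(buf)
    events = []
    while off < len(buf):
        pcr, etype, count = struct.unpack_from("<III", buf, off)  # PCRIndex, EventType, TPML_DIGEST_VALUES.count
        off += 12
        digests = {}
        for _ in range(count):
            alg = struct.unpack_from("<H", buf, off)[0]
            off += 2
            if alg not in sizes:
                raise ValueError("digest algorithm 0x%04x not announced in spec ID event" % alg)
            digests[alg] = buf[off:off + sizes[alg]]
            off += sizes[alg]
        size = struct.unpack_from("<I", buf, off)[0]
        off += 4
        data = buf[off:off + size]
        if len(data) != size:
            raise ValueError("truncated event data at offset %d" % off)
        off += size
        events.append({"pcr": pcr, "type": etype, "digests": digests, "data": data})
    return sizes, events


def pcr_extend(current, digest, hname):
    """TPM2_PCR_Extend semantics: PCR := H(PCR || digest)."""
    return hashlib.new(hname, current + digest).digest()


def replay_pcrs(events, alg):
    """Replay every extend for one algorithm bank; EV_NO_ACTION events are informational only."""
    hname = TPM_ALG[alg]
    dlen = hashlib.new(hname).digest_size
    pcrs = {}
    for e in events:
        if e["type"] == EV_NO_ACTION:
            continue
        cur = pcrs.get(e["pcr"], b"\0" * dlen)
        pcrs[e["pcr"]] = pcr_extend(cur, e["digests"][alg], hname)
    return pcrs


def check_event_digests(events, alg):
    """For hash-of-data event types, report (index, digest == H(event data))."""
    hname = TPM_ALG[alg]
    return [(i, hashlib.new(hname, e["data"]).digest() == e["digests"][alg])
            for i, e in enumerate(events) if e["type"] in HASHED_DATA_TYPES]


def build_sample_log():
    """Constructed sample: SHA1+SHA256 banks, one EV_EFI_ACTION in PCR 4 and separators in PCRs 0 and 4."""
    algs = [(0x0004, 20), (0x000B, 32)]
    spec = b"Spec ID Event03\0" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, len(algs))
    for a, s in algs:
        spec += struct.pack("<HH", a, s)
    spec += b"\0"  # vendorInfoSize = 0
    log = struct.pack("<II20sI", 0, EV_NO_ACTION, b"\0" * 20, len(spec)) + spec

    def ev2(pcr, etype, data):
        rec = struct.pack("<III", pcr, etype, len(algs))
        for a, _ in algs:
            rec += struct.pack("<H", a) + hashlib.new(TPM_ALG[a], data).digest()
        return rec + struct.pack("<I", len(data)) + data

    log += ev2(4, EV_EFI_ACTION, b"Calling EFI Application from Boot Option")
    log += ev2(0, EV_SEPARATOR, b"\0\0\0\0")
    log += ev2(4, EV_SEPARATOR, b"\0\0\0\0")
    return log


if __name__ == "__main__":
    sizes, events = parse_events(build_sample_log())
    for pcr, val in sorted(replay_pcrs(events, 0x000B).items()):
        print("PCR%-2d sha256 %s" % (pcr, val.hex()))
    print(check_event_digests(events, 0x000B))
```

Replayed values are only meaningful when compared against the live PCR bank (for example a TPM quote over the same PCRs); a log whose replay does not match the quote, or whose hash-of-data events fail the digest check, has been truncated or tampered with. Real logs also carry EV_NO_ACTION records after the header (such as the StartupLocality marker), which is why the replay skips that type rather than only the first record.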
Related projects:
- Analysis and manipulation of extended attribute ($EA) on NTFS☆38Updated 9 years ago
- A PowerShell module to assist in parsing and managing catalog files.☆19Updated 7 years ago
- Parse Microsoft shim databases☆28Updated 2 weeks ago
- Blocks drivers from loading by using a name collision technique. #nsacyber☆44Updated 6 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆60Updated 4 years ago
- Event metadata collected across all manifest-based ETW providers on Windows 10 1903☆30Updated 4 years ago
- The TpmTool utility is a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, wi…☆134Updated 3 years ago
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…☆150Updated 4 years ago
- A collection of free miscellaneous Windows tools☆118Updated 3 weeks ago
- NTFS samples☆24Updated 4 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies☆59Updated 9 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆70Updated 3 weeks ago
- Extension blocks as found in ShellBags and other places in the Registry☆23Updated 2 weeks ago
- PowerShell Module for the Antimalware Scan Interface (AMSI)☆25Updated 7 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆30Updated 3 years ago
- DotNext 2019 St. Petersburg Talk Demos☆36Updated 5 years ago
- AppContainer and LPAC (Less Privileged AppContainer) Launcher with Capabilities☆57Updated last year
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆103Updated last month
- Decode security descriptors in $Secure on NTFS☆20Updated 2 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Updated 3 years ago
- Python script to extract embedded data from binaries generated by SAPIEN Script Packager☆11Updated 6 months ago
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks☆57Updated 3 years ago
- A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies☆199Updated 2 years ago
- Documentation and supporting script sample for Windows Exploit Guard☆148Updated 2 years ago