mattifestation / TCGLogTools
A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Configuration Logs (WBCL). In order to retrieve these logs, you must be running at least Windows 8 with the TPM enabled.
☆66 Updated 7 years ago
Alternatives and similar repositories for TCGLogTools
Users that are interested in TCGLogTools are comparing it to the libraries listed below
- Analysis and manipulation of extended attribute ($EA) on NTFS ☆38 Updated 10 years ago
- A PowerShell module to assist in parsing and managing catalog files. ☆22 Updated 8 years ago
- A collection of free miscellaneous Windows tools ☆139 Updated 3 months ago
- The TpmTool utility is a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, wi… ☆147 Updated 4 years ago
- All TMF files that I extracted from Microsoft PDBs. ☆13 Updated 6 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro… ☆149 Updated 5 years ago
- Parse Microsoft shim databases ☆31 Updated 9 months ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … ☆31 Updated 5 years ago
- AppContainer and LPAC (Less Privileged AppContainer) Launcher with Capabilities ☆60 Updated last year
- DotNext 2019 St. Petersburg Talk Demos ☆39 Updated 6 years ago
- Blocks drivers from loading by using a name collision technique. #nsacyber ☆50 Updated 7 years ago
- WNF Utilities 4 Newbies (WNFUN) ☆97 Updated 6 years ago
- Event metadata collected across all manifest-based ETW providers on Windows 10 1903 ☆31 Updated 5 years ago
- A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies ☆227 Updated 3 years ago
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆62 Updated last year
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi… ☆61 Updated 5 years ago
- Expand compressed files from WinSxS folder ☆164 Updated 3 months ago
- Example/starter code for custom Windows application compatibility shims ☆35 Updated 4 years ago
- Named pipe I/O ETW provider for Windows ☆71 Updated 5 years ago
- ☆68 Updated 3 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format. ☆80 Updated last month
- Documentation and supporting script sample for Windows Exploit Guard ☆158 Updated last month
- ☆20 Updated 5 months ago
- Demos and presentation from SECArmy Village Grayhat 2020 ☆37 Updated 2 years ago
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks ☆69 Updated 4 years ago
- Trace ScriptBlock execution for powershell v2 ☆40 Updated 5 years ago
- ☆29 Updated 2 years ago
- Windows Detour Hooking in PowerShell ☆81 Updated last year
- ☆63 Updated last year
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers ☆144 Updated 5 years ago