mattifestation / WDACTools
A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
☆199 · Updated 2 years ago
Related projects:
- Documentation and tools to access Windows Defender Application Control (WDAC) technology. ☆197 · Updated this week
- A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies ☆59 · Updated 9 months ago
- Module to provide PowerShell functions that abstract Win32 API functions ☆236 · Updated 3 months ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions ☆261 · Updated 4 months ago
- Event Tracing For Windows (ETW) Resources ☆342 · Updated 10 months ago
- Documentation and supporting script sample for Windows Exploit Guard ☆148 · Updated 2 years ago
- A PowerShell module that helps you identify AppLocker weaknesses ☆159 · Updated 4 years ago
- A collection of free miscellaneous Windows tools ☆118 · Updated 3 weeks ago
- PowerShell Module for managing Microsoft Defender Advanced Threat Protection ☆68 · Updated last year
- Custom ADMX template focused on hardening Windows 10 systems ☆73 · Updated 6 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon ☆206 · Updated 5 years ago
- Run application as system with interactive system process support (active Windows session) ☆222 · Updated last month
- RPC Monitor tool based on Event Tracing for Windows ☆324 · Updated last month
- Sysmon-Like research tool for ETW ☆327 · Updated last year
- Windows Registry Knowledge Base ☆158 · Updated 5 months ago
- Sysmon Tools for PowerShell ☆229 · Updated 6 years ago
- Windows Diagnostics, Data Collection and Analysis tools ☆164 · Updated 3 years ago
- Protect your Domain Controllers by auditing and restricting LDAP requests ☆93 · Updated 2 weeks ago
- PowerShell Event Tracing Toolbox ☆72 · Updated 2 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables. ☆109 · Updated 2 years ago
- Tool to convert SDDL to readable text ☆37 · Updated 6 years ago
- Public content repo for ATA documentation in OPS ☆73 · Updated this week
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10 ☆107 · Updated 2 weeks ago