Alternatives and similar repositories for WindowsEventLogMetadata

Users that are interested in WindowsEventLogMetadata are comparing it to the libraries listed below

• airbus-cert / PSTrace
  Trace ScriptBlock execution for powershell v2
  ☆40Updated 5 years ago
• zacbrown / PowerKrabsEtw
  PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
  ☆103Updated 4 years ago
• mattifestation / WDACPolicies
  A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies
  ☆62Updated last year
• matthastings / PSalander
  ☆52Updated 6 years ago
• zacbrown / PowerShellMethodAuditor
  PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.
  ☆38Updated 7 years ago
• mattifestation / CatalogTools
  A PowerShell module to assist in parsing and managing catalog files.
  ☆22Updated 8 years ago
• palantir / exploitguard
  Documentation and supporting script sample for Windows Exploit Guard
  ☆157Updated 3 years ago
• agreenjay / sysmon
  A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data
  ☆39Updated 5 years ago
• mattifestation / MSFTTraceMessageFormat
  All TMF files that I extracted from Microsoft PDBs.
  ☆14Updated 6 years ago
• OmerYa / Babel-Shellfish
  Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.
  ☆43Updated 6 years ago
• darkoperator / vscode-sysmon
  Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.
  ☆53Updated 2 years ago
• commial / LiveDiffAD
  AD Live changes viewer
  ☆36Updated 2 years ago
• 0xAnalyst / Sysmon
  Sysmon config for both Windows and Linux Devices. Windows one is a bit dated
  ☆57Updated last year
• lordsaibat / finding_windows_privileges
  Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compro…
  ☆10Updated 7 years ago
• netwrix / LAPS-Permissions-Collection
  Looks up permissions within Active Directory on a target (OU or Computer) to determine access to LAPS attributes (ms-Mcs-AdmPwdExpiration…
  ☆15Updated 2 years ago
• vletoux / ADSecrets
  Set of ultra technical notes about AD
  ☆18Updated 7 years ago
• secgroundzero / ossem_modular
  OSSEM Modular
  ☆27Updated 5 years ago
• adamdriscoll / AMSI
  PowerShell Module for the Antimalware Scan Interface (AMSI)
  ☆25Updated 8 years ago
• arekfurt / WinAWL
  ☆18Updated 6 years ago
• forensiclunch / ETLParser
  Binary commandline executable to parse ETL files
  ☆67Updated 7 years ago
• OTRF / Set-AuditRule
  Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity
  ☆94Updated 3 years ago
• tvfischer / ps-srum-hunting
  PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
  ☆23Updated 5 years ago
• duffney / WEF_ADSecuirtyLogs
  Windows Event Forwarding for Active Directory Security Logs
  ☆29Updated 9 years ago
• jeperez / windows-operating-system-archaeology
  windows-operating-system-archaeology @Enigma0x3 @subTee
  ☆47Updated 8 years ago
• jaredcatkinson / PSReflect-Functions
  Module to provide PowerShell functions that abstract Win32 API functions
  ☆248Updated last year
• Invoke-IR / WmiEvent
  A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions
  ☆55Updated 9 years ago
• zacbrown / hiddentreasure-etw-demo
  Basic demo for Hidden Treasure talk.
  ☆49Updated 7 years ago
• mkorman90 / sysmon-config-bypass-finder
  Detect possible sysmon logging bypasses given a specific configuration
  ☆111Updated 6 years ago
• MrAnde7son / PowerShell
  Some security related PowerShell scripts I developed.
  ☆79Updated 7 years ago
• sumeshi / evtx2es
  A library for fast parse & import of Windows Eventlogs into Elasticsearch.
  ☆85Updated 2 months ago