mattifestation / WindowsEventLogMetadata

Related projects: ⓘ

• airbus-cert / PSTrace
  Trace ScriptBlock execution for powershell v2
  ☆39Updated 4 years ago
• vletoux / ADSecrets
  Set of ultra technical notes about AD
  ☆18Updated 6 years ago
• zacbrown / PowerKrabsEtw
  PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
  ☆103Updated 3 years ago
• SadProcessor / WatchDog
  BloodHound Data Scanner
  ☆43Updated 4 years ago
• darkoperator / vscode-sysmon
  Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.
  ☆50Updated last year
• acochenour / PSInspect
  PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later
  ☆20Updated 8 years ago
• danielbohannon / DevSec-Defense
  Accompanying PowerShell Modules for DevSec Defense Presentation
  ☆27Updated 6 years ago
• NotAwful / Sysmon-DSC
  ☆17Updated this week
• commial / LiveDiffAD
  AD Live changes viewer
  ☆35Updated last year
• arekfurt / WinAWL
  ☆18Updated 5 years ago
• lordsaibat / finding_windows_privileges
  Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compro…
  ☆10Updated 6 years ago
• zacbrown / PowerShellMethodAuditor
  PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.
  ☆37Updated 7 years ago
• ubeeri / Invoke-PWAudit
  A PowerShell tool which provides an easy way to check for shared passwords between Windows Active Directory accounts
  ☆33Updated 5 years ago
• threatexpress / threat-mitigation
  Threat Mitigation Strategies
  ☆23Updated last year
• secgroundzero / ossem_modular
  OSSEM Modular
  ☆27Updated 4 years ago
• OmerYa / Babel-Shellfish
  Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.
  ☆41Updated 5 years ago
• DissectMalware / OfficeForensicTools
  A set of tools for collecting forensic information
  ☆24Updated 4 years ago
• agreenjay / sysmon
  A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data
  ☆40Updated 4 years ago
• mattifestation / MSFTTraceMessageFormat
  All TMF files that I extracted from Microsoft PDBs.
  ☆12Updated 5 years ago
• matthastings / PSalander
  ☆51Updated 6 years ago
• dwestgard / threat_hunting_tables
  Theat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs
  ☆42Updated 5 years ago
• HarmJ0y / Invoke-ADDefense
  Defensive-oriented Active Directory enumeration
  ☆23Updated 8 years ago
• mattifestation / WDACPolicies
  A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies
  ☆59Updated 9 months ago
• netwrix / LAPS-Permissions-Collection
  Looks up permissions within Active Directory on a target (OU or Computer) to determine access to LAPS attributes (ms-Mcs-AdmPwdExpiration…
  ☆15Updated last year
• Duffney / WEF_ADSecuirtyLogs
  Windows Event Forwarding for Active Directory Security Logs
  ☆28Updated 8 years ago
• mkellerman / PSRunAs
  Collection of scripts to Invoke an expression with different credentials.
  ☆33Updated 3 years ago
• jeperez / windows-operating-system-archaeology
  windows-operating-system-archaeology @Enigma0x3 @subTee
  ☆44Updated 7 years ago
• matthewdunwoody / PS_logging_reg
  A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed
  ☆16Updated 8 years ago
• rvazarkar / SharpHound
  ☆18Updated 7 years ago
• mattifestation / CatalogTools
  A PowerShell module to assist in parsing and managing catalog files.
  ☆19Updated 7 years ago