mgeeky / procmon-filters
SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick behavioral analysis of testing specimens. Inspired and based on Lenny Zeltser's collection.
☆62 · Updated 2 years ago
Related projects:
- Parses the WMI object database, looking for persistence (☆31, updated 4 years ago)
- Detect possible Sysmon logging bypasses given a specific configuration (☆107, updated 5 years ago)
- Visual Studio Code extension for Microsoft Sysinternals Sysmon configuration files (☆50, updated last year)
- Manipulate timestamps on NTFS (☆48, updated 9 years ago)
- Useful access control entries (ACEs) on the system access control list (SACL) of securable objects to find potential adversarial activity (☆86, updated 2 years ago)
- Random hunting-oriented YARA rules (☆95, updated last year)
- Scripts and tools accompanying HP Threat Research blog posts and reports (☆48, updated 5 months ago)
- Extract BITS jobs from the QMGR queue and store them as CSV records (☆73, updated 2 months ago)
- Get-MiniTimeline - Triage collection and timeline generation with KAPE (☆25, updated 3 months ago)
- Script for parsing Symantec Endpoint Protection logs, VBNs, and the ccSubSDK database (☆62, updated last year)
- Simple PowerShell script to enable process scanning with YARA (☆86, updated last year)
- This repository aims to collect and document indicators from the different C2s listed in the C2-Matrix (☆72, updated 2 years ago)
- XOR key extractor (☆48, updated last month)
- A collection of useful PowerShell tools to collect, organize, and visualize Sysmon event data (☆40, updated 4 years ago)
- PowerShell script to facilitate the processing of SRUM data for on-the-fly forensics and, if needed, threat hunting (☆16, updated 4 years ago)
- A repository that maps API calls to Sysmon Event IDs (☆116, updated last year)
- Machine Interrogation To Identify Gaps & Techniques for Execution (☆32, updated 2 years ago)
- Command line access to the Registry (☆123, updated 2 weeks ago)
- A script to assist in processing forensic RAM captures for malware triage (☆27, updated 3 years ago)
- VSCode extension for the YARA pattern matching language (☆60, updated 8 months ago)
- A library for fast parsing and import of Windows event logs into Elasticsearch (☆79, updated 2 months ago)
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response (☆38, updated 2 years ago)
- Stand-alone parser for User Access Logging from Server 2012 and newer systems (☆71, updated 8 months ago)
- Generate YARA rules for OOXML documents (☆37, updated last year)
- Dump quarantined files from Windows Defender (☆51, updated 2 years ago)
- A repo to document API functions mapped to security events across diverse platforms (☆74, updated 4 years ago)
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files (☆16, updated last month)