nasbench / EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
☆369, updated 5 months ago
Alternatives and similar repositories for EVTX-ETW-Resources:
Users interested in EVTX-ETW-Resources also compare it to the repositories listed below (star count and last update shown for each).
- Sysmon-like research tool for ETW (☆352, updated 2 years ago)
- View ETW provider manifests (☆466, updated 5 months ago)
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions (☆289, updated 10 months ago)
- C#-based EVTX parser with lots of extras (☆296, updated 2 weeks ago)
- Sysmon EDR PoC built in PowerShell to prove the ability (☆223, updated 3 years ago)
- A repository that maps commonly used attacks over MSRPC protocols to ATT&CK (☆322, updated last year)
- $MFT directory tree reconstruction & FILE record info (☆303, updated 5 months ago)
- A guide on how to write fast and memory-friendly YARA rules (☆141, updated last month)
- Collect-MemoryDump: automated creation of Windows memory snapshots for DFIR (☆235, updated 3 weeks ago)
- Document ETW providers (☆225, updated 5 years ago)
- Sysmon configuration file template with default high-quality event tracing (☆478, updated last year)
- Cobalt Strike Beacon configuration extractor and parser (☆153, updated 3 years ago)
- RPC monitor tool based on Event Tracing for Windows (☆341, updated 7 months ago)
- Anything Sysmon-related from the MSTIC R&D team (☆151, updated 9 months ago)
- SysmonX: an augmented drop-in replacement for Sysmon (☆214, updated 5 years ago)
- Windows Registry Knowledge Base (☆173, updated 5 months ago)
- Extracted YARA rules from Windows Defender mpavbase and mpasbase (☆378, updated last month)
- OSSEM Detection Model (☆177, updated 2 years ago)
- Collection of malware persistence and hunting information. Be a persistent persistence hunter! (☆177, updated 2 months ago)
- Signature engine for all your logs (☆166, updated last year)
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor (☆166, updated this week)
- Elastic Security Labs releases (☆61, updated this week)
- A YARA rules repository continuously updated for monitoring the old and new threats from articles, incident responses ... (☆139, updated last year)
- MemProcFS-Analyzer: automated forensic analysis of Windows memory dumps for DFIR (☆609, updated 3 weeks ago)