nasbench / EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
Alternatives and similar repositories for EVTX-ETW-Resources
- Sysmon-like research tool for ETW
- C# based evtx parser with lots of extras
- View ETW provider manifest
- Sysmon EDR proof of concept built in PowerShell.
- $MFT directory tree reconstruction & FILE record info
- Anything Sysmon related from the MSTIC R&D team
- Cobalt Strike Beacon configuration extractor and parser.
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
- Collect-MemoryDump - Automated creation of Windows memory snapshots for DFIR
- Lnk Explorer command line edition!!
- Elastic Security Labs releases
- MAL-CL (Malicious Command-Line)
- Sysmon configuration file template with default high-quality event tracing
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
- A guide on how to write fast and memory friendly YARA rules
- Collection of malware persistence and hunting information. Be a persistent persistence hunter!
- MemProcFS-Analyzer - Automated forensic analysis of Windows memory dumps for DFIR
- A Python script developed to process Windows memory images based on triage type.
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
- Encyclopedia for Executables
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions
- Parses amcache.hve files, but with a twist!