nasbench / EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
☆375, updated 6 months ago
Alternatives and similar repositories for EVTX-ETW-Resources:
Users interested in EVTX-ETW-Resources are comparing it to the libraries listed below.
- Sysmon-Like research tool for ETW (☆349, updated 2 years ago)
- View ETW Provider manifest (☆478, updated 5 months ago)
- $MFT directory tree reconstruction & FILE record info (☆304, updated 6 months ago)
- Sysmon EDR POC built within PowerShell to prove ability (☆224, updated 3 years ago)
- C# based evtx parser with lots of extras (☆300, updated this week)
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions (☆295, updated 11 months ago)
- #ThreatHunting #DFIR #Malware #Detection Mind Maps (☆297, updated 3 years ago)
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK (☆323, updated last year)
- MAL-CL (Malicious Command-Line) (☆312, updated 2 years ago)
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR (☆237, updated 3 weeks ago)
- Anything Sysmon related from the MSTIC R&D team (☆152, updated 10 months ago)
- Sysmon configuration file template with default high-quality event tracing (☆482, updated last year)
- Detect and respond to Cobalt Strike beacons using ETW (☆490, updated 2 years ago)
- RPC Monitor tool based on Event Tracing for Windows (☆346, updated 8 months ago)
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases (☆563, updated 3 months ago)
- A Wireshark plugin to instrument ETW (☆555, updated 3 years ago)
- OSSEM Detection Model (☆177, updated 2 years ago)
- Parses amcache.hve files, but with a twist! (☆132, updated 3 months ago)
- SysmonX - An Augmented Drop-In Replacement of Sysmon (☆214, updated 5 years ago)
- Lnk Explorer Command line edition!! (☆298, updated 3 months ago)
- A ProcessMonitor visualization application written in Rust (☆178, updated last year)
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10 (☆117, updated 3 months ago)
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps (☆256, updated last year)
- A guide on how to write fast and memory friendly YARA rules (☆142, updated 2 months ago)
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… (☆194, updated 2 months ago)