nasbench / EVTX-ETW-Resources

Related projects ⓘ

Alternatives and complementary repositories for EVTX-ETW-Resources

• jsecurity101 / TelemetrySource
  ☆221Updated 6 months ago
• pathtofile / Sealighter
  Sysmon-Like research tool for ETW
  ☆333Updated last year
• zeronetworks / rpcfirewall
  ☆481Updated 2 months ago
• zodiacon / EtwExplorer
  View ETW Provider manifest
  ☆428Updated last week
• ion-storm / sysmon-edr
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆218Updated 3 years ago
• EricZimmerman / evtx
  C# based evtx parser with lots of extras
  ☆280Updated 2 months ago
• gtworek / VolatileDataCollector
  ☆186Updated last week
• evild3ad / MemProcFS-Analyzer
  MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
  ☆534Updated last week
• jdu2600 / Windows10EtwEvents
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆266Updated 6 months ago
• jsecurity101 / MSRPC-to-ATTACK
  A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
  ☆308Updated last year
• microsoft / MSTIC-Sysmon
  Anything Sysmon related from the MSTIC R&D team
  ☆146Updated 5 months ago
• kacos2000 / MFT_Browser
  $MFT directory tree reconstruction & FILE record info
  ☆292Updated last month
• jsecurity101 / JonMon
  ☆173Updated 3 months ago
• 3CORESec / MAL-CL
  MAL-CL (Malicious Command-Line)
  ☆308Updated last year
• evild3ad / Collect-MemoryDump
  Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
  ☆219Updated 8 months ago
• Neo23x0 / sysmon-config
  Sysmon configuration file template with default high-quality event tracing
  ☆454Updated 9 months ago
• airbus-cert / Winshark
  A wireshark plugin to instrument ETW
  ☆534Updated 2 years ago
• mandiant / SilkETW
  ☆732Updated last year
• 3lp4tr0n / BeaconHunter
  Detect and respond to Cobalt Strike beacons using ETW.
  ☆481Updated 2 years ago
• Yamato-Security / hayabusa-rules
  Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
  ☆143Updated this week
• op7ic / EDR-Testing-Script
  Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…
  ☆289Updated 3 years ago
• cyberark / RPCMon
  RPC Monitor tool based on Event Tracing for Windows
  ☆328Updated 2 months ago
• Neo23x0 / YARA-Performance-Guidelines
  A guide on how to write fast and memory friendly YARA rules
  ☆124Updated last year
• marcosd4h / sysmonx
  SysmonX - An Augmented Drop-In Replacement of Sysmon
  ☆208Updated 5 years ago
• strozfriedberg / cobaltstrike-config-extractor
  Cobalt Strike Beacon configuration extractor and parser.
  ☆145Updated 3 years ago
• forrest-orr / moneta
  Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
  ☆683Updated 7 months ago
• wagga40 / Zircolite
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆678Updated last week
• EricZimmerman / MFTECmd
  Parses $MFT from NTFS file systems
  ☆198Updated last week
• Cyb3r-Monk / RITA-J
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆194Updated 2 years ago