nasbench / EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
☆397 · Updated 11 months ago
Alternatives and similar repositories for EVTX-ETW-Resources
Users that are interested in EVTX-ETW-Resources are comparing it to the libraries listed below
- ☆253 · Updated last year
- Sysmon-like research tool for ETW ☆364 · Updated 2 years ago
- ☆523 · Updated 3 months ago
- View ETW provider manifests ☆531 · Updated 10 months ago
- C#-based EVTX parser with lots of extras ☆324 · Updated 2 weeks ago
- Sysmon EDR POC built within PowerShell to prove ability ☆226 · Updated 4 years ago
- $MFT directory tree reconstruction & FILE record info ☆311 · Updated 11 months ago
- ☆240 · Updated 3 months ago
- Sysmon configuration file template with default high-quality event tracing ☆507 · Updated 3 weeks ago
- ☆204 · Updated 10 months ago
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions ☆309 · Updated last year
- Cobalt Strike Beacon configuration extractor and parser ☆156 · Updated 4 years ago
- Anything Sysmon related from the MSTIC R&D team ☆156 · Updated last year
- ☆786 · Updated 2 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps ☆288 · Updated 2 years ago
- Elastic Security Labs releases ☆82 · Updated 2 months ago
- MAL-CL (Malicious Command-Line) ☆317 · Updated 2 years ago
- Lnk Explorer, command line edition ☆324 · Updated 8 months ago
- ☆142 · Updated last month
- A guide on how to write fast and memory-friendly YARA rules ☆152 · Updated 7 months ago
- Collect-MemoryDump: automated creation of Windows memory snapshots for DFIR ☆248 · Updated 5 months ago
- Extracted YARA rules from Windows Defender mpavbase and mpasbase ☆461 · Updated last month
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor ☆200 · Updated this week
- Collection of malware persistence and hunting information. Be a persistent persistence hunter! ☆181 · Updated 2 months ago
- ☆551 · Updated last year
- #ThreatHunting #DFIR #Malware #Detection mind maps ☆301 · Updated 3 years ago
- MemProcFS-Analyzer: automated forensic analysis of Windows memory dumps for DFIR ☆674 · Updated last month
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … ☆174 · Updated 9 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases ☆588 · Updated 8 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK ☆336 · Updated 2 years ago