nasbench / procmon-malware-analysis-filtersLinks
Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool
☆19Updated 4 years ago
Alternatives and similar repositories for procmon-malware-analysis-filters
Users that are interested in procmon-malware-analysis-filters are comparing it to the libraries listed below
Sorting:
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆46Updated 2 years ago
- Windows.EDB Browser☆57Updated 2 years ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆62Updated 8 months ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆37Updated last year
- ☆33Updated 3 years ago
- Evtx Log (xml) Browser☆56Updated 2 years ago
- ☆68Updated 2 weeks ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆35Updated 2 years ago
- Windows 10 Live Information viewer☆36Updated 3 years ago
- ☆35Updated 2 years ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆44Updated 4 years ago
- Windows Event Log Knowledge Base☆26Updated 10 months ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆37Updated last year
- ☆19Updated 7 months ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Updated 2 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Updated 2 years ago
- Parser for Sdba memory pool tags☆18Updated 4 years ago
- Parses the WMI object database....looking for persistence☆33Updated 5 years ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆80Updated 3 months ago
- Parse Microsoft shim databases☆30Updated 7 months ago
- ☆27Updated 3 years ago
- Simple PowerShell script to enable process scanning with Yara.☆97Updated 2 years ago
- SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral a…☆68Updated 3 years ago
- Registry Explorer bookmark definitions☆43Updated 8 months ago
- ShellSweeping the evil.☆53Updated last year
- Carve file metadata from NTFS index ($I30) attributes☆70Updated last year
- ☆14Updated 2 years ago
- Modular malware analysis artifact collection and correlation framework☆53Updated last year
- PowerShell PE Parser☆63Updated last year