nasbench / procmon-malware-analysis-filtersLinks
Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool
☆19Updated 5 years ago
Alternatives and similar repositories for procmon-malware-analysis-filters
Users that are interested in procmon-malware-analysis-filters are comparing it to the libraries listed below
Sorting:
- Windows.EDB Browser☆60Updated 2 years ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆39Updated last year
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆49Updated last month
- Evtx Log (xml) Browser☆55Updated 2 years ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆63Updated 11 months ago
- ☆33Updated 3 years ago
- ☆71Updated 3 months ago
- ☆36Updated 2 years ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆44Updated 4 years ago
- ☆19Updated 10 months ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆35Updated 2 years ago
- Windows 10 Live Information viewer☆37Updated 3 years ago
- Parses the WMI object database....looking for persistence☆34Updated 5 years ago
- Simple PowerShell script to enable process scanning with Yara.☆96Updated 3 years ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Updated 2 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Updated 2 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Updated last year
- Documentation and parsers for different anti-virus quarantine formats.☆42Updated 4 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆83Updated last month
- ☆50Updated 10 months ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html☆126Updated last year
- A proof-of-concept re-assembler for reverse VNC traffic.☆25Updated 2 years ago
- Carve file metadata from NTFS index ($I30) attributes☆72Updated last year
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆114Updated 3 years ago
- SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral a…☆70Updated 4 years ago
- Parse Microsoft shim databases☆31Updated 10 months ago
- A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.☆14Updated 4 years ago
- MFT parser☆72Updated 9 months ago
- C# Desktop GUI application that either performs YARA scan locally or prepares the scan in Active Directory domain environment with a few …☆35Updated 4 years ago