nasbench / procmon-malware-analysis-filtersLinks
Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool
☆19Updated 5 years ago
Alternatives and similar repositories for procmon-malware-analysis-filters
Users that are interested in procmon-malware-analysis-filters are comparing it to the libraries listed below
Sorting:
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve…☆48Updated 2 weeks ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆62Updated 10 months ago
- Windows.EDB Browser☆58Updated 2 years ago
- Simple PowerShell script to enable process scanning with Yara.☆96Updated 3 years ago
- Evtx Log (xml) Browser☆55Updated 2 years ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆38Updated last year
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Updated last year
- ☆36Updated 2 years ago
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Updated 2 years ago
- A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.☆14Updated 3 years ago
- ☆33Updated 3 years ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆43Updated 4 years ago
- ☆19Updated 9 months ago
- ☆48Updated 9 months ago
- ☆69Updated 2 months ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆35Updated 2 years ago
- Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE☆33Updated last year
- ☆27Updated 3 years ago
- SysInternals' Process Monitor filters repository - collected from various places and made up by myself. To be used for quick Behavioral a…☆70Updated 4 years ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- C# Desktop GUI application that either performs YARA scan locally or prepares the scan in Active Directory domain environment with a few …☆35Updated 3 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Updated 2 years ago
- http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html☆124Updated last year
- runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is base…☆38Updated 2 years ago
- A set of tools for collecting forensic information☆26Updated 5 years ago
- General Content☆26Updated last year
- Parses the WMI object database....looking for persistence☆34Updated 5 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆81Updated last week
- Windows 10 Live Information viewer☆37Updated 3 years ago
- ☆14Updated 2 years ago