Simple PowerShell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.
☆32 · Oct 13, 2018 · Updated 7 years ago
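The description above is the whole technique: enumerate every log on the host, pull the records, normalise them to one row each and sort on time. The script below is an added example written for this page, not code from the WindowsEventsToCSVTimeline repository. It assumes an elevated PowerShell 5.1 or later session on the host being collected (the Security log is unreadable otherwise) and an illustrative output path; `$Since` and `$OutFile` are the example's own parameters.

```powershell
# Added example (not the project's own code): collect every event log on the local host
# into one chronologically sorted CSV timeline.
# Assumptions: elevated PowerShell 5.1+ session; $OutFile and $Since are illustrative defaults.
param(
    [string]$OutFile = "$env:USERPROFILE\Desktop\event-timeline.csv",
    [datetime]$Since  = (Get-Date).AddDays(-7)
)

# Get-WinEvent -ListLog reaches the Applications and Services logs that Get-EventLog cannot.
# Logs with no records are skipped up front; logs the token cannot open are skipped below.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 }

$events = foreach ($log in $logs) {
    try {
        Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; StartTime = $Since } -ErrorAction Stop |
            Select-Object `
                @{ n = 'TimeCreatedUtc';   e = { $_.TimeCreated.ToUniversalTime().ToString('o') } },
                @{ n = 'Computer';         e = { $_.MachineName } },
                LogName, ProviderName, Id, LevelDisplayName, RecordId,
                @{ n = 'UserSid';          e = { $_.UserId } },
                # Flatten multi-line messages so the CSV stays one row per event.
                @{ n = 'Message';          e = { ($_.Message -replace '\r?\n', ' ') } }
    }
    catch {
        # "No events were found" and access-denied both land here; record and move on.
        Write-Verbose "Skipping $($log.LogName): $($_.Exception.Message)"
    }
}

# ISO 8601 UTC strings sort lexicographically, so one Sort-Object gives a merged timeline.
$events | Sort-Object TimeCreatedUtc |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

Write-Host "Wrote $(@($events).Count) events to $OutFile"
```

Two caveats a practitioner will hit: everything is held in memory before the sort, so on a busy server narrow `$Since` or collect per log; and `Message` is rendered from the provider manifests installed on the collecting host, so if you later parse exported `.evtx` files on an analysis box that lacks the application's manifests the message text will be empty while `Id`, `ProviderName` and the timestamps remain intact.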
Alternatives and similar repositories for WindowsEventsToCSVTimeline
Users interested in WindowsEventsToCSVTimeline are comparing it to the repositories listed below.
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree… ☆60 · Jan 30, 2018 · Updated 8 years ago
- Loads a program into a memfd and runs it. ☆11 · May 22, 2022 · Updated 3 years ago
- CVE-2023-20198 PoC (!) ☆11 · Oct 17, 2023 · Updated 2 years ago
- Specific guidance and configuration scripts based on Microsoft-recommended security configuration baselines for Windows. ☆14 · Aug 22, 2020 · Updated 5 years ago
- Yara rules written by me, for free use. ☆20 · Nov 26, 2021 · Updated 4 years ago
- Triaging Windows event logs based on SANS Poster ☆47 · Nov 22, 2025 · Updated 3 months ago
- A utility to parse and analyze Windows Event Log files for recurrent failure patterns ☆19 · Jun 5, 2025 · Updated 8 months ago
- PoC of injecting code into a running Linux process ☆23 · Sep 11, 2019 · Updated 6 years ago
- Automate Windows Defender STIG to 100% Compliance ☆19 · Jul 26, 2024 · Updated last year
- It's not just a UsnJrnl (USN Journal Records/Change Journal Records) parser. ☆23 · Nov 11, 2018 · Updated 7 years ago
- Details around how to set up WinRM Certificate Authentication for use in Ansible ☆22 · Jul 18, 2024 · Updated last year
- Fast incident overview ☆41 · Feb 11, 2017 · Updated 9 years ago
- List of PowerShell commands and cmdlets that should be in your PowerShell watchlist ☆38 · Jul 22, 2021 · Updated 4 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is… ☆17 · Jan 31, 2021 · Updated 5 years ago
- A set of Bash scripts that allows you to repeatably collect and compare baseline audit data from Linux and Windows systems ☆20 · Oct 19, 2013 · Updated 12 years ago
- Scripts for: How to Build a Covert Pentesting Infrastructure Almost Free ☆22 · Jan 15, 2026 · Updated last month
- Enumerate the Domain for Readable and Writable Shares ☆23 · Nov 14, 2025 · Updated 3 months ago
- Audit PowerShell and search for known keywords in history #Blueteam ☆25 · Apr 22, 2020 · Updated 5 years ago
- A curated list of resources related to Industrial Control System (ICS) security. ☆21 · Aug 23, 2021 · Updated 4 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images. ☆21 · Mar 12, 2019 · Updated 6 years ago
- .NET attributes cleaner/Junk remover (nops). Credits to Prab + Illuzion. ☆21 · May 12, 2022 · Updated 3 years ago
- Various DFIR Tools ☆27 · Jul 23, 2018 · Updated 7 years ago
- Invoke-LiveResponse ☆150 · Feb 22, 2022 · Updated 4 years ago
- RunPE adapted for x64 and written in C, does not use RWX ☆28 · May 18, 2024 · Updated last year
- SuperPeHasher is a wrapper for several hash algorithms dedicated to PE files. ☆28 · Sep 16, 2021 · Updated 4 years ago
- Tool to parse the SRU database ☆25 · Mar 1, 2018 · Updated 8 years ago
- CAPE Auto-Hardened Installer ☆26 · Jan 28, 2026 · Updated last month
- AppLocker hardening policies ☆26 · Jul 26, 2018 · Updated 7 years ago
- Please use https://github.com/veeral-patel/true-positive instead ☆71 · Jan 19, 2023 · Updated 3 years ago
- Publicly shareable Windows event log message data ☆28 · Nov 29, 2019 · Updated 6 years ago
- PAM Backdoor ☆32 · Mar 29, 2023 · Updated 2 years ago
- Accompanying PowerShell Modules for DevSec Defense Presentation ☆30 · Apr 15, 2018 · Updated 7 years ago
- Log converter from CS log to Ghostwriter CSV ☆31 · Nov 23, 2020 · Updated 5 years ago
- Audix is a PowerShell tool to quickly configure the Windows Event Audit Policies for security monitoring ☆117 · Oct 14, 2025 · Updated 4 months ago
- My small extension to add anti-anti-debugging support to dnSpy ☆45 · Jun 15, 2018 · Updated 7 years ago
- Binaries for the log2timeline projects and dependencies ☆40 · Feb 8, 2026 · Updated 3 weeks ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE) ☆196 · Feb 16, 2023 · Updated 3 years ago