sbousseaden/EVTX-ATTACK-SAMPLES

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sbousseaden/EVTX-ATTACK-SAMPLES)

sbousseaden / EVTX-ATTACK-SAMPLES

Windows Events Attack Samples

☆2,517

Alternatives and similar repositories for EVTX-ATTACK-SAMPLES

Users that are interested in EVTX-ATTACK-SAMPLES are comparing it to the libraries listed below

Sorting:

OTRF / Security-Datasets
View on GitHub
Re-play Security Events
☆1,725Mar 20, 2024Updated last year
OTRF / ThreatHunter-Playbook
View on GitHub
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
☆4,492Jan 12, 2026Updated last month
olafhartong / sysmon-modular
View on GitHub
A repository of sysmon configuration modules
☆2,987Aug 21, 2024Updated last year
rabobank-cdc / DeTTECT
View on GitHub
Detect Tactics, Techniques & Combat Threats
☆2,264Jan 21, 2026Updated last month
nshalabi / SysmonTools
View on GitHub
Utilities for Sysmon
☆1,573Sep 21, 2025Updated 5 months ago
NextronSystems / APTSimulator
View on GitHub
A toolset to make a system look as if it was the victim of an APT attack
☆2,714Sep 23, 2025Updated 5 months ago
SigmaHQ / sigma
View on GitHub
Main Sigma Rule Repository
☆10,156Updated this week
olafhartong / ThreatHunting
View on GitHub
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
☆1,174Jul 26, 2023Updated 2 years ago
JPCERTCC / LogonTracer
View on GitHub
Investigate malicious Windows logon by visualizing and analyzing Windows event log
☆3,136Oct 19, 2025Updated 4 months ago
wagga40 / Zircolite
View on GitHub
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
☆786Feb 22, 2026Updated last week
clong / DetectionLab
View on GitHub
Automate the creation of a lab environment complete with security tooling and logging best practices
☆4,908Jul 6, 2024Updated last year
OTRF / OSSEM
View on GitHub
Open Source Security Events Metadata (OSSEM)
☆1,288Feb 27, 2023Updated 3 years ago
mdecrevoisier / EVTX-to-MITRE-Attack
View on GitHub
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
☆612Dec 8, 2025Updated 2 months ago
ahmedkhlief / APT-Hunter
View on GitHub
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the …
☆1,402Nov 7, 2024Updated last year
redcanaryco / atomic-red-team
View on GitHub
Small and highly portable detection tests based on MITRE's ATT&CK.
☆11,632Updated this week
WithSecureLabs / chainsaw
View on GitHub
Rapidly Search and Hunt through Windows Forensic Artefacts
☆3,460Updated this week
sans-blue-team / DeepBlueCLI
View on GitHub
☆2,392Oct 14, 2023Updated 2 years ago
trustedsec / SysmonCommunityGuide
View on GitHub
TrustedSec Sysinternals Sysmon Community Guide
☆1,372Feb 10, 2026Updated 3 weeks ago
SwiftOnSecurity / sysmon-config
View on GitHub
Sysmon configuration file template with default high-quality event tracing
☆5,410Jul 3, 2024Updated last year
sbousseaden / PCAP-ATTACK
View on GitHub
PCAP Samples for Different Post Exploitation Techniques
☆368Apr 29, 2021Updated 4 years ago
atc-project / atomic-threat-coverage
View on GitHub
Actionable analytics designed to combat threats
☆1,005May 25, 2022Updated 3 years ago
edoardogerosa / sentinel-attack
View on GitHub
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
☆1,078Nov 28, 2024Updated last year
ThreatHuntingProject / ThreatHunting
View on GitHub
An informational repo about hunting for adversaries in your IT environment.
☆1,854Nov 17, 2021Updated 4 years ago
palantir / windows-event-forwarding
View on GitHub
A repository for using windows event forwarding for incident detection and response
☆1,299Sep 8, 2025Updated 5 months ago
sbousseaden / Slides
View on GitHub
Misc Threat Hunting Resources
☆377Jan 26, 2023Updated 3 years ago
Velocidex / velociraptor
View on GitHub
Digging Deeper....
☆3,784Updated this week
stuhli / awesome-event-ids
View on GitHub
Collection of Event ID ressources useful for Digital Forensics and Incident Response
☆644Jun 19, 2024Updated last year
MHaggis / sysmon-dfir
View on GitHub
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
☆937Dec 12, 2023Updated 2 years ago
MichaelKoczwara / Awesome-CobaltStrike-Defence
View on GitHub
Defences against Cobalt Strike
☆1,296Jul 14, 2022Updated 3 years ago
ION28 / BLUESPAWN
View on GitHub
An Active Defense and EDR software to empower Blue Teams
☆1,316Aug 10, 2023Updated 2 years ago
splunk / attack_range
View on GitHub
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data int…
☆2,445Feb 24, 2026Updated last week
mitre / caldera
View on GitHub
Automated Adversary Emulation Platform
☆6,781Updated this week
yampelo / beagle
View on GitHub
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
☆1,338Dec 13, 2022Updated 3 years ago
Neo23x0 / Loki
View on GitHub
Loki - Simple IOC and YARA Scanner
☆3,726Jan 12, 2026Updated last month
ScarredMonk / SysmonSimulator
View on GitHub
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
☆864Jan 20, 2022Updated 4 years ago
InQuest / awesome-yara
View on GitHub
A curated list of awesome YARA rules, tools, and people.
☆4,146Feb 25, 2026Updated last week
cyb3rfox / Aurora-Incident-Response
View on GitHub
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
☆1,061Oct 5, 2023Updated 2 years ago
Cyb3rWard0g / HELK
View on GitHub
The Hunting ELK
☆3,912Jun 1, 2024Updated last year
elastic / detection-rules
View on GitHub
☆2,510Updated this week