A library for fast parse & import of Windows Eventlogs into Elasticsearch.
☆86Jun 23, 2025Updated 8 months ago
Alternatives and similar repositories for evtx2es
Users that are interested in evtx2es are comparing it to the libraries listed below
Sorting:
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 8 months ago
- Code and Slides of my BSides London 2019 presentation about Attacker Emulation using CALDERA☆22Jun 9, 2019Updated 6 years ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆158Nov 30, 2021Updated 4 years ago
- OSSEM Modular☆27Jun 29, 2020Updated 5 years ago
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- Kerberoast Detection Script☆30Oct 31, 2024Updated last year
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- An ELK environment containing interesting security datasets.☆136May 11, 2020Updated 5 years ago
- A modern Python-3-based alternative to RegRipper☆205Mar 31, 2025Updated 11 months ago
- Golang Parser for Microsoft Event Logs☆105Nov 7, 2025Updated 3 months ago
- ☆18Apr 4, 2019Updated 6 years ago
- ☆152Jun 5, 2024Updated last year
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Sep 17, 2019Updated 6 years ago
- ☆28Mar 29, 2022Updated 3 years ago
- Threat Box Assessment Tool☆19Aug 15, 2021Updated 4 years ago
- ☆33Feb 26, 2022Updated 4 years ago
- See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)☆108Feb 12, 2023Updated 3 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Mar 12, 2019Updated 6 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆84Oct 23, 2020Updated 5 years ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆46Jan 2, 2022Updated 4 years ago
- ☆12Jun 29, 2021Updated 4 years ago
- ETW-Almulahaza is a consumer python-based tool that help you monitor ETW events of the operating system☆13Jun 24, 2022Updated 3 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆517Jul 15, 2022Updated 3 years ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆23Jan 31, 2024Updated 2 years ago
- PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpo…☆51Aug 15, 2019Updated 6 years ago
- PowerAvails is a unit of collection of Powershell modules that help you get done many things☆118May 31, 2019Updated 6 years ago
- C# utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely☆38Jan 3, 2020Updated 6 years ago
- Anything Sysmon related from the MSTIC R&D team☆156Jun 8, 2024Updated last year
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- A modified fork of Be.HexEditor for use in debug tools☆15Jan 5, 2022Updated 4 years ago
- A list of Mitre Caldera compatible emulation-plans☆14Feb 1, 2021Updated 5 years ago
- Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups☆60Oct 28, 2022Updated 3 years ago
- #ThreatHunting #DFIR #Malware #Detection Mind Maps��☆304Nov 13, 2021Updated 4 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆119Nov 6, 2020Updated 5 years ago
- Purple Team Security☆76Mar 24, 2022Updated 3 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆223May 1, 2021Updated 4 years ago
- Tracking APT IOCs☆25Nov 16, 2020Updated 5 years ago
- Random hunting ordiented yara rules☆96Mar 27, 2023Updated 2 years ago
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK☆1,078Nov 28, 2024Updated last year