whikernel / evtx2splunk
Evtx to Splunk ingestor
☆15Updated 3 years ago
Alternatives and similar repositories for evtx2splunk:
Users that are interested in evtx2splunk are comparing it to the libraries listed below
- Cobalt Strike Beacon configuration extractor and parser.☆152Updated 3 years ago
- Windows symbol tables for Volatility 3☆83Updated 9 months ago
- yara detection rules for hunting with the threathunting-keywords project☆116Updated last month
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆125Updated 3 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆165Updated 2 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆165Updated last month
- PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …☆93Updated last year
- A collection of tools and detections for the Sliver C2 Frameworj☆123Updated 2 years ago
- ShellSweeping the evil.☆52Updated 10 months ago
- ☆13Updated 2 years ago
- A small util to brute-force prefetch hashes☆76Updated 2 years ago
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆30Updated 3 years ago
- RegRipper4.0☆47Updated last year
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆151Updated 3 years ago
- Linux Evidence Acquisition Framework☆114Updated 6 months ago
- Active C&C Detector☆153Updated last year
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆62Updated 2 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆256Updated last year
- Parses amcache.hve files, but with a twist!☆132Updated 3 months ago
- Active C2 IoCs☆98Updated 2 years ago
- Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine☆22Updated 4 months ago
- YARA rule analyzer to improve rule quality and performance☆98Updated 2 weeks ago
- ☆43Updated 2 years ago
- This repo is all about Blue teamming and CyberDefenders Write-up for their DFIR challenges☆17Updated last year
- Initial triage of Windows Event logs☆97Updated 10 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆82Updated last year
- ☆33Updated 2 weeks ago
- shared samples from #dailyphish and/or #apt tweets☆39Updated last month