whikernel / evtx2splunk
Evtx to Splunk ingestor
☆15Updated 3 years ago
Alternatives and similar repositories for evtx2splunk:
Users that are interested in evtx2splunk are comparing it to the libraries listed below
- Cobalt Strike Beacon configuration extractor and parser.☆153Updated 3 years ago
- Linux Evidence Acquisition Framework☆114Updated 6 months ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆164Updated this week
- Windows symbol tables for Volatility 3☆81Updated 8 months ago
- yara detection rules for hunting with the threathunting-keywords project☆113Updated 3 weeks ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆165Updated 2 years ago
- PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …☆93Updated last year
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆124Updated 3 years ago
- Parses amcache.hve files, but with a twist!☆130Updated 2 months ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆62Updated 2 years ago
- Hunt for Keywords , Mutex, Windows Event,Registry Keys,Process,Schedule tasks in Windows Machine☆22Updated 3 months ago
- A small util to brute-force prefetch hashes☆76Updated 2 years ago
- A collection of tools and detections for the Sliver C2 Frameworj☆120Updated last year
- Picus Labs☆44Updated 4 years ago
- Active C2 IoCs☆98Updated 2 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆38Updated last year
- Placeholder for my detection repo and misc detection engineering content☆43Updated last year
- Look into EDR events from network☆23Updated 11 months ago
- RegRipper4.0☆48Updated last year
- Triaging Windows event logs based on SANS Poster☆39Updated 2 years ago
- ☆13Updated 2 years ago
- ShellSweeping the evil.☆52Updated 9 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆235Updated 2 weeks ago
- Open IOC sharing platform☆56Updated 4 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆151Updated 3 years ago
- Queries for Carbon Black Response☆11Updated 5 years ago
- A collection of scripts for dealing with Cobalt Strike beacons in Python☆168Updated 4 years ago
- Automate Network sessions enumeration of connected users in the domain, to facilitate AD Reconnaissance for Adversary simulation & Red Te…☆15Updated 4 years ago
- Blueteam operational triage registry hunting/forensic tool.☆145Updated last year
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆253Updated last year