woanware / etw-event-dumperView external linksLinks
☆33Feb 26, 2022Updated 3 years ago
Alternatives and similar repositories for etw-event-dumper
Users that are interested in etw-event-dumper are comparing it to the libraries listed below
Sorting:
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆86Dec 17, 2025Updated last month
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago
- ☆21May 8, 2022Updated 3 years ago
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 7 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆116Jan 26, 2022Updated 4 years ago
- This is a repository for reporting any issues in any of my software☆13May 15, 2018Updated 7 years ago
- Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups☆60Oct 28, 2022Updated 3 years ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.☆14Oct 21, 2021Updated 4 years ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)☆24Mar 3, 2023Updated 2 years ago
- Ekoparty's BlueSpace Keynote November 2021. Shoutout to @plugxor Muchas Gracias!!!☆13Jun 5, 2023Updated 2 years ago
- MalwareAnalysis☆12Dec 19, 2020Updated 5 years ago
- Library of threat hunts to get any user started!☆48Sep 4, 2020Updated 5 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- ☆19Aug 2, 2020Updated 5 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆31Aug 6, 2022Updated 3 years ago
- Imphash-like calculation on Golang binaries☆49Jul 2, 2022Updated 3 years ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- ☆28May 25, 2021Updated 4 years ago
- IBM RedCON 2020 - Throwing an AquaWrench into the Kernel☆44Aug 25, 2020Updated 5 years ago
- Headers for linking your software with ntdll.dll☆15Nov 4, 2020Updated 5 years ago
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 3 years ago
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch☆34Feb 2, 2022Updated 4 years ago
- ☆20Jan 10, 2025Updated last year
- Mass Triage Tools☆20Dec 16, 2025Updated 2 months ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- ☆17Oct 13, 2025Updated 4 months ago
- ☆21May 4, 2017Updated 8 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations.☆37Sep 19, 2017Updated 8 years ago
- Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does…☆19Feb 2, 2025Updated last year
- Threat Box Assessment Tool☆19Aug 15, 2021Updated 4 years ago
- Cobalt Strike Beacon configuration extractor and parser.☆160Oct 30, 2025Updated 3 months ago
- Evtx Log (xml) Browser☆56Mar 12, 2023Updated 2 years ago
- A generic security incident response playbook investigating and responding to potential compromises of Okta's internal systems, in the co…☆20Mar 24, 2022Updated 3 years ago
- Carve file metadata from NTFS index ($I30) attributes☆70Feb 3, 2024Updated 2 years ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆27Jul 27, 2022Updated 3 years ago
- An simplest PE parser, which list all import and export entries☆12Oct 11, 2018Updated 7 years ago