hiddentreasure-etw-demo: Basic demo for Hidden Treasure talk. (☆49, Nov 4, 2017)
Alternatives and similar repositories for hiddentreasure-etw-demo
- PowerShellMethodAuditor listens to the PowerShell ETW provider and logs PowerShell method invocations. (☆37, Sep 19, 2017)
- (repository name not captured) (☆52, Sep 17, 2018)
- (repository name not captured) (☆13, Aug 11, 2018)
- CScriptShell, a PowerShell host running within cscript.exe. (☆163, Apr 11, 2017)
- Server for receiving autorun data from the clients. (☆13, Sep 26, 2017)
- Custom scripts released for BSidesDC 2016. (☆14, Oct 19, 2016)
- Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber (☆406, Dec 8, 2022)
- Python script to decode common encoded PowerShell scripts. (☆217, Jun 13, 2018)
- Splunk app for threat hunting. (☆15, Nov 15, 2018)
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing. (☆103, Nov 17, 2020)
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions. (☆754, Mar 9, 2026)
- This script is used for extracting DDE in docx and xlsx. (☆12, Dec 8, 2017)
- Simple Distributed IOC Scanner. (☆12, Jul 27, 2015)
- An automated collection and analysis of malware from my honeypots. (☆25, Feb 8, 2018)
- All materials from our Black Hat 2018 "Subverting Sysmon" talk. (☆135, Aug 10, 2018)
- Make it easier to find problem devices on your computer and find the corresponding driver. (☆11, Sep 18, 2018)
- Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails. (☆69, Nov 11, 2023)
- Query and report user logon relations from MS Windows Security Events. (☆243, Aug 9, 2018)
- Finds sensitive stuff in your git repository by specifying terms to look for. (☆31, Feb 16, 2018)
- Currently not updated for WMIEvent module... (☆262, Feb 23, 2016)
- Misc PoCs for various research topics. (☆21, Sep 28, 2022)
- Generates anti-sandbox analysis HTA files without payloads. (☆121, Mar 16, 2017)
- IR-Tools - PowerShell tools for IR. (☆130, Jul 10, 2017)
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al… (☆657, Aug 19, 2019)
- This repo is for WMIOps, a PowerShell script which uses WMI for various purposes across a network. (☆387, Jun 25, 2024)
- (repository name not captured) (☆16, Jun 1, 2018)
- Gathers a defined subset of various logs and highlights important lines. (☆19, Sep 10, 2021)
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook. (☆252, Jul 19, 2021)
- (repository name not captured) (☆11, Aug 19, 2017)
- Rules shared by the community from 100 Days of YARA 2023. (☆18, Apr 10, 2023)
- (repository name not captured) (☆12, Mar 24, 2018)
- (repository name not captured) (☆15, Jan 26, 2023)
- Get all AD objects which are hidden from you. (☆18, Aug 21, 2017)
- Incident response scripts. (☆18, Mar 4, 2019)
- Attack Tree modeling sheet for Dia. (☆20, Oct 9, 2018)
- CTF writeups. (☆13, Jul 2, 2017)
- (repository name not captured) (☆30, Jul 17, 2018)
- (repository name not captured) (☆16, Apr 16, 2015)
- Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017). (☆106, Feb 10, 2021)
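One entry above describes a Python script for decoding common encoded PowerShell scripts. The block below is an added example written for this page, not code from that project or from hiddentreasure-etw-demo, showing the layers such a decoder has to peel: the `-EncodedCommand` switch (and its abbreviations) carrying base64 of a UTF-16LE script, and inside it the `[Convert]::FromBase64String(...)` + `GzipStream`/`DeflateStream` stager pattern. The sample command lines are constructed in `build_sample()`; the function and regex names are this example's own.

```python
"""Peel the common encoding layers off a PowerShell command line (added example)."""
import base64
import gzip
import re
import zlib

# powershell.exe accepts -EncodedCommand and any unambiguous prefix of it
# (-e, -en, -enc, ...) plus the documented -ec alias; the value is base64 of
# a UTF-16LE script.
_ENC_PREFIXES = "|".join("encodedcommand"[:i] for i in range(1, 15))
_ENC_SWITCH = re.compile(
    r"-(?:" + _ENC_PREFIXES + r"|ec)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)

# Inner stager pattern: [Convert]::FromBase64String('...') fed to a stream.
_B64_LITERAL = re.compile(
    r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.IGNORECASE
)


def decode_encoded_command(blob: str) -> str:
    """Decode the argument of -EncodedCommand (base64 of UTF-16LE text)."""
    return base64.b64decode(blob).decode("utf-16-le")


def _inflate(data: bytes, script: str) -> bytes:
    """Decompress according to the stream class named in the surrounding script."""
    lowered = script.lower()
    if "gzipstream" in lowered:
        return gzip.decompress(data)
    if "deflatestream" in lowered:          # .NET DeflateStream is raw deflate
        return zlib.decompress(data, -zlib.MAX_WBITS)
    return data


def _to_text(data: bytes) -> str:
    """Heuristic: NUL bytes in odd positions mean UTF-16LE, otherwise UTF-8."""
    if len(data) >= 2 and len(data) % 2 == 0 and data[1::2].count(0) > len(data) // 4:
        return data.decode("utf-16-le", errors="replace")
    return data.decode("utf-8", errors="replace")


def peel(command_line: str, max_depth: int = 10) -> list[str]:
    """Return the successive plaintext layers found in a command line.

    Each iteration strips one layer (an -enc argument or a FromBase64String
    literal); max_depth bounds the recursion so a decode loop cannot spin.
    """
    layers: list[str] = []
    current = command_line
    for _ in range(max_depth):
        m = _ENC_SWITCH.search(current)
        if m:
            current = decode_encoded_command(m.group(1))
            layers.append(current)
            continue
        m = _B64_LITERAL.search(current)
        if m:
            current = _to_text(_inflate(base64.b64decode(m.group(1)), current))
            layers.append(current)
            continue
        break
    return layers


def build_sample(compression: str = "gzip") -> str:
    """Constructed sample: a two-layer encoded launcher, as seen in macro droppers."""
    final = b"Write-Host 'final payload'"
    if compression == "gzip":
        packed, stream = gzip.compress(final), "IO.Compression.GzipStream"
    else:
        comp = zlib.compressobj(wbits=-zlib.MAX_WBITS)
        packed, stream = comp.compress(final) + comp.flush(), "IO.Compression.DeflateStream"
    inner = (
        "$s = New-Object IO.MemoryStream(,[Convert]::FromBase64String('"
        + base64.b64encode(packed).decode()
        + "')); IEX (New-Object IO.StreamReader(New-Object " + stream
        + "($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()"
    )
    outer = base64.b64encode(inner.encode("utf-16-le")).decode()
    return "powershell.exe -NoP -W Hidden -enc " + outer


if __name__ == "__main__":
    for depth, layer in enumerate(peel(build_sample()), start=1):
        print(f"layer {depth}: {layer[:80]}")
```

`peel()` deliberately stops at the first layer it cannot recognise and returns what it has, so a partially decoded launcher still yields indicators (the stream class, the final cmdlet) for triage.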