Analyzing PowerShell execution on Windows systems.
Updated Feb 20, 2024 - PowerShell
Utilities for working with and testing Sysmon configs against Windows Event Logs
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
Detection Logics for Threat Hunting
A log-based Threat Hunting tool
sc-pseudo.exe is a recreation of the Windows Service Control Manager, a command-line utility. This code was built for a 64-bit architecture. This script generates a system process that allows Windows to start, stop and interact with other processes.
A Sysmon install script using the PowerShell Application Deployment Toolkit
Integrated Windows endpoint log management (based on Docker + ELK (Elasticsearch, Logstash, Kibana) + Winlogbeat)
Simple system monitoring over MQTT
Utility to convert Sysinternals' Sysmon binary configuration to XML
A repository of sysmon configuration modules
The Granted Access Converter is a utility designed to help users understand and interpret the GrantedAccess values found in Sysmon Event ID 10 logs.
PowerShell module for creating and managing Sysinternals Sysmon config files.