Analyzing PowerShell execution on Windows systems.
Updated Feb 20, 2024 - PowerShell
Utilities for working with and testing Sysmon configs against Windows Event Logs
A Sysmon Install script using the Powershell Application Deployment Toolkit
Integrated Windows endpoint log management (Docker + ELK (Elasticsearch, Logstash, Kibana) + Winlogbeat based)
Simple system monitoring over MQTT
Utility to convert SysInternals' Sysmon binary configuration to XML
Detection Logics for Threat Hunting
A log-based Threat Hunting tool
sc-pseudo.exe is a recreation of the Windows Service Control Manager command line utility. This code was built for a 64-bit architecture. This script generates a system process that allows Windows to start, stop and interact with other processes.
A simplified EVTX file parser wrapping 0xrawsec's golang-evtx module
Atlas ITSI Content Pack for Linux Sysmon
PowerShell module for creating and managing Sysinternals Sysmon config files.