EVTX-ATTACK-SAMPLES
Attack log repository
A repository of Windows Event log samples associated with various attack and post-exploitation techniques.
Windows Events Attack Samples
2k stars
143 watching
398 forks
Language: HTML
last commit: almost 2 years ago
Linked from 3 awesome lists
Topics: dataset, detection-engineering, dfir, evtx, mitre-attack, threat-hunting, windows-security, winlogbeat
Related projects:
| Repository | Description | Stars |
|---|---|---|
| sbousseaden/pcap-attack | A collection of PCAP captures used to demonstrate post-exploitation techniques and threat hunting tactics. | 344 |
| mdecrevoisier/evtx-to-mitre-attack | Provides Windows log event indicators mapped to MITRE ATT&CK tactics and techniques. | 527 |
| yamato-security/hayabusa-sample-evtx | A collection of sample event log files used for testing and development of threat detection rules. | 44 |
| williballenthin/python-evtx | A Python module for parsing Windows Event Log files (.evtx) into structured data. | 732 |
| yarox24/evtkit | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations. | 18 |
| volexity/threat-intel | A repository of threat intelligence data from public Volexity blog posts. | 318 |
| sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
| attackercan/burp-xss-sql-plugin | Automated tool for detecting cross-site scripting (XSS) and SQL injection vulnerabilities in web applications. | 44 |
| sumeshi/evtx2es | A Python library that enables fast import of Windows Event Logs into Elasticsearch. | 82 |
| 1n3/intruderpayloads | A collection of tools and methodologies for simulating web application attacks. | 3,681 |
| splunk/attack_data | A repository of curated datasets from various attacks. | 588 |
| vxunderground/vxug-papers | A collection of research code and papers related to malware analysis and development. | 1,146 |
| threathunters-io/laurel | Transforms Linux audit logs into a standardized, human-readable format for security monitoring. | 711 |
| smgorelik/windows-rce-exploits | A repository of remote code execution exploit samples and proof-of-concepts for Windows. | 740 |
| williballenthin/evtxtract | Reconstructs fragments of event log data from raw binary files, including unallocated space and memory images. | 189 |