EVTX-ATTACK-SAMPLES
Attack log repository
A repository of Windows Event log samples associated with various attack and post-exploitation techniques.
Windows Events Attack Samples
2k stars
143 watching
402 forks
Language: HTML
last commit: about 2 years ago
Linked from 3 awesome lists
datasetdetection-engineeringdfirevtxmitre-attackthreat-huntingwindows-securitywinlogbeat
meirwah/awesome-incident-response
0x4d31/awesome-threat-detection
stuhli/awesome-event-idsRelated projects:
| Repository | Description | Stars |
|---|---|---|
| sbousseaden/pcap-attack | A collection of PCAP captures used to demonstrate post-exploitation techniques and threat hunting tactics. | 346 |
 mdecrevoisier/evtx-to-mitre-attack | Provides Windows log event indicators mapped to MITRE ATT&CK tactic and techniques | 532 |
 yamato-security/hayabusa-sample-evtx | A collection of sample event log files used for testing and development of threat detection rules | 45 |
 williballenthin/python-evtx | A Python module for parsing Windows Event Log files (.evtx) into structured data | 732 |
 yarox24/evtkit | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations | 18 |
 volexity/threat-intel | A repository of threat intelligence data from public Volexity blog posts. | 342 |
| sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
 attackercan/burp-xss-sql-plugin | Automated tool for detecting cross-site scripting (XSS) and SQL injection vulnerabilities in web applications. | 44 |
 sumeshi/evtx2es | A Python library that enables fast import of Windows Event Logs into Elasticsearch | 82 |
 1n3/intruderpayloads | A collection of tools and methodologies for identifying vulnerabilities in web applications | 3,698 |
 splunk/attack_data | A repository of curated datasets from various attacks | 594 |
 vxunderground/vxug-papers | A collection of research code and papers related to malware analysis and development | 1,163 |
 threathunters-io/laurel | Converts Linux audit logs into standardized JSON format for enhanced security monitoring | 722 |
 smgorelik/windows-rce-exploits | A repository of remote code execution exploit samples and proof-of-concepts for Windows. | 741 |
| williballenthin/evtxtract | Reconstructs fragments of event log data from raw binary files, including unallocated space and memory images. | 191 |