-
I see the below error when running the script
python3 event2timeline.py -e -f Security.evtx
File "event2timeline.py", line 51
except Exception, e:
^
SyntaxError: invalid…
-
Create an analyzer to tag suspicious PowerShell activity to detect things such as a base64 payload, usage of a pen testing framework such as PowerShell empire, etc. The following presentation link giv…
-
> flannel version
C:\opt\bin\rancher-wins-flanneld.exe --version
- label container log names
- grab evtx files in addition to json
- refactor
- better organize directories (top-level d…
-
# evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx
The event file can be [downloaded here 🔗](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/raw/master/Defense%20Evasion/evasion_codeinj_odzhan_co…
-
EVTX files have a property "InstanceID" which is related to EventID:
> InstanceID is not EventID, but can be:
> The InstanceId property uniquely identifies an event entry for a configured event sou…
-
Background Intelligent Transfer Service (BITS) is used for persistence.
Two sources:
Microsoft-Windows-Bits-Client/(Microsoft-Windows-Bits-Client/Operational.evtx
AND
qmgr[??].dat
REF: htt…
-
Does this have all the rules for DeepBlueCLI or would I need to run that as well against the EVTX files?
-
I have been poking at the code, trying to parse various EVTX logs, using latest github releases.
Works very well for the 4 standard logs, compiles as static, GREAT!
The one thing that stumbled me is …
-
LogonTracer for large log files is too slow, is there a way to accelerate the speed?
-
From [Microsoft Docs](https://docs.microsoft.com/en-us/windows/win32/fileio/change-journals):
> [T]he NTFS file system maintains an update sequence number (USN) change journal. When any change is m…