ahmedkhlief / APT-Hunter

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
https://shells.systems/introducing-apt-hunter-threat-hunting-tool-via-windows-event-log/
GNU General Public License v3.0

Error on logon events #18

Closed (BernardoSilva closed this 1 year ago)

BernardoSilva commented 2 years ago

Sample of the error output and how it was found:

```
~/dev/apt-hunter/repo/APT-Hunter fix-error-on-using-variable-before-assignement*
.venv ❯ python APT-Hunter.py -p ~/dev/logs-windows -o output_file

  /$$$$$$  /$$$$$$$  /$$$$$$$$         /$$   /$$                       /$$
 /$$__  $$| $$__  $$|__  $$__/        | $$  | $$                      | $$
| $$  \ $$| $$  \ $$   | $$           | $$  | $$ /$$   /$$ /$$$$$$$  /$$$$$$    /$$$$$$   /$$$$$$
| $$$$$$$$| $$$$$$$/   | $$    /$$$$$$| $$$$$$$$| $$  | $$| $$__  $$|_  $$_/   /$$__  $$ /$$__  $$
| $$__  $$| $$____/    | $$   |______/| $$__  $$| $$  | $$| $$  \ $$  | $$    | $$$$$$$$| $$  \__/
| $$  | $$| $$         | $$           | $$  | $$| $$  | $$| $$  | $$  | $$ /$$| $$_____/| $$
| $$  | $$| $$         | $$           | $$  | $$|  $$$$$$/| $$  | $$  |  $$$$/|  $$$$$$$| $$
|__/  |__/|__/         |__/           |__/  |__/ \______/ |__/  |__/   \___/   \_______/|__/

                                                                By : Ahmed Khlief , @ahmed_khlief
                                                                Version : 2.0

Analyzing /home/bernardosilva/dev/logs-windows/Security.evtx
Analyzing /home/bernardosilva/dev/logs-windows/Application.evtx
Analyzing /home/bernardosilva/dev/logs-windows/System.evtx
Error (local variable 'process_name' referenced before assignment) , Handling EventID (4648) with Event Content
```
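The failure shown in that output, as an added example that is not APT-Hunter's own code: a hypothetical Event ID 4648 handler that binds `process_name` only inside a branch (the pattern that produces this "referenced before assignment" error when a record lacks the `ProcessName` field), next to one that defaults every field before use. The event records, field values and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by the <Event> element in Windows event XML.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def sample_4648(with_process):
    """Build a constructed 4648 record (hypothetical values, not from the issue's logs)."""
    data = [("SubjectUserName", "alice"), ("TargetUserName", "svc-backup"),
            ("TargetServerName", "FILESRV01"), ("IpAddress", "10.0.0.5")]
    if with_process:
        data.append(("ProcessName", r"C:\Windows\System32\svchost.exe"))
    fields = "".join(f'<Data Name="{n}">{v}</Data>' for n, v in data)
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4648</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

def event_data(xml_text):
    """Return the record's EventData as a dict {Name: value}."""
    root = ET.fromstring(xml_text)
    return {d.get("Name"): (d.text or "") for d in root.findall("./e:EventData/e:Data", NS)}

def handle_4648_buggy(xml_text):
    """Assigns process_name only when the field is present, so it is unbound otherwise."""
    for name, value in event_data(xml_text).items():
        if name == "TargetUserName":
            target_user = value
        elif name == "ProcessName":
            process_name = value
    return {"target_user": target_user, "process_name": process_name}

def handle_4648_fixed(xml_text):
    """Defaults every field first, so a missing <Data> element never leaves a name unbound."""
    data = event_data(xml_text)
    return {
        "target_user": data.get("TargetUserName", "<unknown>"),
        "target_server": data.get("TargetServerName", "<unknown>"),
        "process_name": data.get("ProcessName", "<unknown>"),
        "ip_address": data.get("IpAddress", "-"),
    }

def demo():
    """Run both handlers: the buggy one crashes on the record without ProcessName."""
    ok = handle_4648_buggy(sample_4648(True))
    try:
        handle_4648_buggy(sample_4648(False))
        crashed = False
    except UnboundLocalError:
        crashed = True
    return ok, crashed, handle_4648_fixed(sample_4648(False))
```

A handler that initialises its defaults up front also keeps the rest of a large log from being skipped when a single malformed or truncated record is encountered.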
ahmedkhlief commented 1 year ago

Hi, please check the new release (V3.0).