ceramicskate0 / SWELF

Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
https://ceramicskate0.github.io/SWELF/
GNU Affero General Public License v3.0

Use Sysmon logs to search commandline arg length by char count #15

Closed ceramicskate0 closed 6 years ago

ceramicskate0 commented 6 years ago

Sysmon can give command-line args; we can use that to get command-line arg length to detect fileless malware. We can do this by counting chars in command-line args for both parent and target command-line args.
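As an added example of the check this issue describes (not SWELF's own code, which is C#): parse Sysmon Event ID 1 (process create) event XML, count the characters in `CommandLine` and `ParentCommandLine`, and flag events where either exceeds a threshold. The sample events, the threshold value and the helper names are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional
from xml.sax.saxutils import escape

# Sysmon writes events in the standard Windows event XML namespace.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PROCESS_CREATE = 1
# Assumed threshold; baseline it against your own hosts before alerting on it.
DEFAULT_THRESHOLD = 500


@dataclass
class CommandLineStats:
    image: str
    cmd_len: int
    parent_cmd_len: int


def parse_sysmon_event(xml_text: str) -> dict:
    """Return the EventID plus every EventData <Data Name=...> field of one event."""
    root = ET.fromstring(xml_text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    data["EventID"] = int(root.find("e:System/e:EventID", NS).text)
    return data


def command_line_stats(event: dict) -> Optional[CommandLineStats]:
    """Char counts for target and parent command lines; None for non-process-create events."""
    if event.get("EventID") != PROCESS_CREATE:
        return None
    return CommandLineStats(image=event.get("Image", ""),
                            cmd_len=len(event.get("CommandLine", "")),
                            parent_cmd_len=len(event.get("ParentCommandLine", "")))


def find_long_command_lines(events: List[str], threshold: int = DEFAULT_THRESHOLD) -> List[CommandLineStats]:
    """Flag process-create events whose target or parent command line is longer than threshold."""
    hits = []
    for xml_text in events:
        stats = command_line_stats(parse_sysmon_event(xml_text))
        if stats and (stats.cmd_len > threshold or stats.parent_cmd_len > threshold):
            hits.append(stats)
    return hits


def make_event(event_id: int, image: str, cmd: str, parent_cmd: str) -> str:
    """Build a minimal Sysmon-style event (constructed sample, not real log output)."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="Image">{escape(image)}</Data>'
            f'<Data Name="CommandLine">{escape(cmd)}</Data>'
            f'<Data Name="ParentCommandLine">{escape(parent_cmd)}</Data></EventData></Event>')


SAMPLE_EVENTS = [  # constructed: one short, one long encoded PowerShell, one network event to be ignored
    make_event(1, r"C:\Windows\System32\notepad.exe", "notepad.exe readme.txt", "explorer.exe"),
    make_event(1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               "powershell.exe -EncodedCommand " + "A" * 1200, r"C:\Windows\System32\cmd.exe /c start"),
    make_event(3, r"C:\Windows\System32\svchost.exe", "x" * 2000, "y" * 2000),
]
```

Running `find_long_command_lines(SAMPLE_EVENTS)` returns only the PowerShell event; the Event ID 3 record is skipped even though its fields are long.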

ceramicskate0 commented 6 years ago

pushed on version 0.1.0.4