palantir / windows-event-forwarding

A repository for using windows event forwarding for incident detection and response
Other
1.23k stars 268 forks source link

Don't hide Microsoft signed entries in AutorunsToWinEventLog #11

Closed clong closed 6 years ago

clong commented 7 years ago

https://github.com/palantir/windows-event-forwarding/blob/master/AutorunsToWinEventLog/AutorunsToWinEventLog.ps1#L20

Specifically slide 14 and 15: https://github.com/huntresslabs/evading-autoruns/blob/master/Evading_Autoruns_Slides.pdf

cryps1s commented 6 years ago

Handled via branch: https://github.com/palantir/windows-event-forwarding/pull/13