This repository contains hands-on projects focused on Windows event log analysis, showcasing key skills in detecting and understanding security-relevant activities on Windows systems. Each folder represents a focused project that includes data, screenshots, and analysis using native Windows Event Viewer and Sysmon logs.
| Project Title | Description | Link |
|---|---|---|
| Registry Value Set - Event ID 13 | Monitors registry value changes recorded by Sysmon (Event ID 13), useful for tracking persistence mechanisms and configuration tampering. | View Project |
| Sysmon Process Termination - Event ID 5 | Tracks process termination via Sysmon (Event ID 5) to help identify abnormal process exits or malware behavior. | View Project |
| Sysmon Configuration and Log Collection | Demonstrates how to deploy Sysmon with a custom configuration and how to collect its logs for analysis. | View Project |
| Windows Event Log Monitoring | Focuses on monitoring key Security log events such as logons and privileged logons (Event IDs 4624, 4672, etc.) and account usage. | View Project |
- Windows Event ID analysis (4624, 4672, 7045, etc.)
- Sysmon configuration and deployment
- Real-world event correlation and detection
- Log source handling and documentation
- Blue Team investigation mindset