Windows EVTX Samples [More than 130 EVTX examples]:
This is a container for windows events samples associated to specific attack and post-exploitation techniques. Can be useful for:
Testing your detection scripts based on EVTX parsing
Training on DFIR and threat hunting using event logs
Designing detection use cases using Windows and Sysmon event logs
Avoid/Bypass the noisy techniques if you are a redteamer
For a detailed overview of covered attack TTPs and their mapping to MITRE ATT&CK TTPs check this spreadsheet:
N.B: Mapping has been done to the level of ATT&CK technique (not procedure), some items are marked in grey, meaning couldn't found a closer TTP that achieves same objective.
Below a summarized overview of the covered TTPs using attack-navigator:
The content of this repository is released under the GNU General Public License.