Skip to content
View MarkoGordic's full-sized avatar
🔍
🔍
24 followers · 9 following

Achievements

Achievement: StarstruckAchievement: Pull Sharkx2Achievement: QuickdrawAchievement: YOLOAchievement: Pair Extraordinaire

Achievements

Achievement: StarstruckAchievement: Pull Sharkx2Achievement: QuickdrawAchievement: YOLOAchievement: Pair Extraordinaire

Highlights

Organizations

@CyberHeroRS @advantage-rs @TCP-Project-Artemis

Block or report MarkoGordic

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Stars

Windows DFIR

Windows Incident Response
23 repositories

sbousseaden / EVTX-ATTACK-SAMPLES

Windows Events Attack Samples

HTML 2,523 430 Updated Jan 24, 2023

WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

Rust 3,473 296 Updated Mar 2, 2026

GregTheDev / MinidumpExplorer

Inspect and capture minidump files. Includes stand alone library for reading minidump files.

C# 106 21 Updated Nov 27, 2022

kh4sh3i / Ransomware-Samples

Small collection of Ransomware organized by family.

276 82 Updated Oct 6, 2024

SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

5,425 1,838 Updated Jul 3, 2024

olafhartong / sysmon-modular

A repository of sysmon configuration modules

PowerShell 2,992 643 Updated Aug 21, 2024

stephenfewer / ReflectiveDLLInjection

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

C 3,239 821 Updated Sep 3, 2022

zodiacon / EtwExplorer

View ETW Provider manifest

C# 575 78 Updated Nov 1, 2024

decoder-it / psgetsystem

getsystem via parent process using ps1 & embeded c#

PowerShell 470 94 Updated Oct 26, 2023

mandiant / SilkETW

C# 826 135 Updated Jun 1, 2023

GhostPack / Seatbelt

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

C# 4,499 760 Updated Jan 10, 2025

libyal / libevtx

Library and tools to access the Windows XML Event Log (EVTX) format

C 230 52 Updated Dec 15, 2025

endgameinc / ClrGuard

C 221 42 Updated Apr 2, 2018

b4rtik / ATPMiniDump

Evading WinDefender ATP credential-theft

C 255 48 Updated Dec 2, 2019

wagga40 / Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Python 788 112 Updated Mar 5, 2026

keydet89 / RegRipper3.0

RegRipper3.0

Perl 686 147 Updated Dec 12, 2024

keydet89 / RegRipper4.0

RegRipper4.0

Perl 88 21 Updated Dec 10, 2025

EricZimmerman / AmcacheParser

Parses amcache.hve files, but with a twist!

C# 151 20 Updated Jan 12, 2025

nasbench / EVTX-ETW-Resources

Event Tracing For Windows (ETW) Resources

Python 419 78 Updated Oct 30, 2025

MarkBaggett / srum-dump

A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.

Python 736 122 Updated Jun 5, 2025

Matmaus / LnkParse3

Windows Shortcut file (LNK) parser

Python 129 22 Updated Feb 27, 2026

Yamato-Security / WELA

Windows Event Log Auditor

PowerShell 92 5 Updated Mar 11, 2026

strozfriedberg / sidr

Search Index Database Reporter

Rust 131 9 Updated Oct 28, 2025