Analyzing PowerShell execution on Windows systems.
-
Updated
Feb 20, 2024 - PowerShell
Analyzing PowerShell execution on Windows systems.
A Sysmon Install script using the Powershell Application Deployment Toolkit
A repository of sysmon configuration modules
PowerShell module for creating and managing Sysinternals Sysmon config files.
Capture all events across all logs produced during the running of a particular exploit/script. Search and filter events
Script is written to fetch LOLBin Details from Security and Sysmon EVTX file.
A PowerShell client for retrieving and searching Sysmon logs
This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malware analysis. This can be used in production, however you might want to tune the GPO edits as needed.
incident response scripts
Presentations
A PowerShell script to prevent Sysmon from writing its events
Sysmon EDR POC Build within Powershell to prove ability.
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
Add a description, image, and links to the sysmon topic page so that developers can more easily learn about it.
To associate your repository with the sysmon topic, visit your repo's landing page and select "manage topics."