APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su...

For my fellow ETW enthusiasts, you can use the Microsoft-JScript {57277741-3638-4A4B-BDBA-0AC6E45DA56C} Provider to detect this and many other JScript based activities 🚀 (such as HTA applications leveraging Jscript)EID 105 (and others) will capture both the binary and command… https://t.co/5sVf2FE4Yr pic.twitter.com/gwOqR2pbcG— Nasreddine Bencherchali (@nas_bench) February 28, 2024

At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information on PowerShell Security: PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection The most ...

It’s dangerous to defend the registry alone! Take this!

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte - Git...