This repository serves as a place for community created Targets and Modules for use with KAPE.
Hayabusa is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs written in Rust.
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）
Sysmon event simulation utility that simulates attacks to generate Sysmon event logs, so blue teams can test EDR detections and correlation rules.
A toolset to make a system look as if it had been the victim of an APT attack
A curated list of tools for incident response
Visual Studio Code extension for Microsoft Sysinternals Sysmon configuration files.
A repository of DFIR-related Mind Maps geared towards the visual learners!
Windows Events Attack Samples
Set of EVTX samples (>170) mapped to MITRE ATT&CK tactics and techniques, to measure your SIEM coverage or develop new use cases.
Sysmon configuration file template with default high-quality event tracing
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
Generic Signature Format for SIEM Systems
Transform Linux Audit logs for SIEM usage
Automated Adversary Emulation Platform
A standalone SIGMA-based detection tool for EVTX.
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Defences against Cobalt Strike
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity.
Rapidly Search and Hunt through Windows Event Logs
A repository of KAPE output (!EZParser Module) for various freely available forensic images!
Collects information from a Windows PC during incident response
Incident response teams usually work on offline data: collecting the evidence, then analyzing it