ihab000 / EVTX-ATTACK-SAMPLES

Windows Events Samples

Windows EVTX Samples [200 EVTX examples]:

This is a container for Windows event log samples associated with specific attack and post-exploitation techniques. It can be useful for:

  • Testing your detection scripts based on EVTX parsing

  • Training on DFIR and threat hunting using event logs

  • Designing detection use cases using Windows and Sysmon event logs

  • Avoiding/bypassing the noisy techniques if you are a red teamer

N.B.: Mapping has been done at the level of ATT&CK technique (not procedure).
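One way to exercise the first and third use cases above, as an added example that is not part of this repository: load every .evtx sample under a folder, summarise which providers and event IDs each sample contains, and run a caller-supplied detection rule over the events to see which samples it fires on. It assumes a local clone path and PowerShell on Windows, where Get-WinEvent can read .evtx files directly.

```powershell
# Added example, not code from the EVTX-ATTACK-SAMPLES repository.
# Assumes Windows PowerShell / PowerShell 7 on Windows (Get-WinEvent -Path needs the
# Windows event log API) and a local clone at $SamplesRoot (hypothetical path).
param(
    [string]$SamplesRoot = '.\EVTX-ATTACK-SAMPLES',
    # Example rule: Sysmon process-creation events (provider + event ID 1).
    [scriptblock]$Rule = { param($e) $e.ProviderName -eq 'Microsoft-Windows-Sysmon' -and $e.Id -eq 1 }
)

function Read-EvtxSample {
    param([string]$Path)
    # -Oldest returns the records in chronological order, which is what a
    # detection test usually wants; errors (e.g. an empty file) are skipped.
    Get-WinEvent -Path $Path -Oldest -ErrorAction SilentlyContinue
}

function Get-EvtxSummary {
    param([string]$Root)
    Get-ChildItem -Path $Root -Filter *.evtx -Recurse | ForEach-Object {
        $file = $_
        Read-EvtxSample -Path $file.FullName | Group-Object ProviderName, Id | ForEach-Object {
            [pscustomobject]@{
                Sample   = $file.Name
                Provider = $_.Group[0].ProviderName
                EventId  = $_.Group[0].Id
                Count    = $_.Count
            }
        }
    }
}

function Test-DetectionRule {
    param([string]$Root, [scriptblock]$Rule)
    # Apply the rule to each record and report, per sample file, how many hits it produced.
    Get-ChildItem -Path $Root -Filter *.evtx -Recurse | ForEach-Object {
        $file   = $_
        $events = @(Read-EvtxSample -Path $file.FullName)
        $hits   = @($events | Where-Object { & $Rule $_ })
        [pscustomobject]@{ Sample = $file.Name; Events = $events.Count; Hits = $hits.Count }
    }
}

Get-EvtxSummary -Root $SamplesRoot | Sort-Object Sample, Provider, EventId | Format-Table -AutoSize
Test-DetectionRule -Root $SamplesRoot -Rule $Rule | Where-Object Hits -gt 0 | Format-Table -AutoSize
```

Swap the default `$Rule` for the logic of the detection you are validating; samples that produce zero hits for a technique they are mapped to point at a coverage gap in that rule.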

Details of the EVTX content mapped to MITRE ATT&CK tactics can be found here; stats summary:

[image: statistics summary of the EVTX content by tactic]
Overview of the covered TTPs using ATT&CK Navigator:

[image: ATT&CK Navigator layer of the covered TTPs]
License:

Usage of the content of this repository for commercial purposes (e.g. tools, paid trainings, paid labs etc.) is not authorized without prior formal written consent from the repository's owner.
