GitHub Actions runner images

A repository of sysmon configuration modules

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Re-play Security Events

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.

$MFT directory tree reconstruction & FILE record info

Detect and abuse risky SPNs

A repository hosting example goodware evtx logs containing sample software installation and basic user interaction