Securehat
@FranticTyping
Chainsaw Tool - Search and Hunt Through Event Logs

A few months ago I wrote a tool in my day job that helps analysts to search and hunt through Windows Event Logs. The relevant blog post and tool links are below.


Last updated 3 years ago


Original Blog Post: Chainsaw (F-Secure Labs)

Github Page: GitHub - countercept/chainsaw: Rapidly Search and Hunt through Windows Event Logs