Logs

Certwatcher – Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL

11 Apr 2023 By hackergadgets

CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates. The tool helps detect and analyze websites using regular expression patterns and is designed for ease of use by security professionals and researchers. Certwatcher continuously monitors the certificate data stream and checks for patterns or malicious activity. Certwatcher can also beRead More

CertWatcher – A Tool For Capture And Tracking Certificate Transparency Logs, Using YAML Templates Based DSL

15 Mar 2023 By hackergadgets

CertWatcher is a tool for capture and tracking certificate transparency logs, using YAML templates. The tool helps to detect and analyze phishing websites and regular expression patterns, and is designed to make it easy to use for security professionals and researchers. Certwatcher continuously monitors the certificate data stream and checks for suspicious patterns or maliciousRead More

Winevt_Logs_Analysis – Searching .Evtx Logs For Remote Connections

05 Feb 2023 By hackergadgets

Simple script for the purpose of finding remote connections to Windows machine and ideally some public IPs. It checks for some EventIDs regarding remote logins and sessions. You should pip install -r requirements.txt so the script can work and parse some of the .evtx files inside winevt folder. The winevt/Logs folders and the script mustRead More

Laurel – Transform Linux Audit Logs For SIEM Usage

26 Jul 2022 By hackergadgets

LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups. Why? TLDR: Instead of audit events that look like this… type=EXECVE msg=audit(1626611363.720:348501): argc=3 a0=”perl” a1=”-e” a2=75736520536F636B65743B24693D2231302E302E302E31223B24703D313233343B736F636B65742… …turn them into JSON logs where the mess that your pen testers/red teamers/attackers are trying to make becomes apparent at first glance:Read More

Moonwalk – Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps

02 May 2022 By hackergadgets

Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps. Introduction moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitationRead More

Zircolite – A Standalone SIGMA-based Detection Tool For EVTX, Auditd And Sysmon For Linux Logs

18 Apr 2022 By hackergadgets

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for linux or JSONL/NDJSON Logs Zircolite is a standalone tool written in Python 3. It allows to use SIGMA rules on MS Windows EVTX (EVTX and JSONL format), Auditd logs and Sysmon for Linux logs Zircolite can be used directly on the investigated endpoint (use releases) orRead More

Epagneul – Graph Visualization For Windows Event Logs

18 Mar 2022 By hackergadgets

Epagneul is a tool to visualize and investigate windows event logs. Deployment Requires docker and docker-compose to be installed. Installing make Offline deployment On a machine connected to internet, build an offline release: make release This will create a release folder containing ready to go docker images. Copy the project to your air gapped machineRead More

BeaconEye – Hunts Out CobaltStrike Beacons And Logs Operator Command Output

26 Aug 2021 By

BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon, BeaconEye will monitor each process for C2 activity. How it works BeaconEye will scan live processes or MiniDump files for suspected CobaltStrike beacons. In live process mode, BeaconEye optionally attaches itself as a debugger and will begin monitoring beaconRead More

Subcert – An Subdomain Enumeration Tool, That Finds All The Subdomains From Certificate Transparency Logs

22 Mar 2021 By

Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs. Setup Step 1: Install Python 3 apt-get install python3-pip Step 2: Clone the Repository git clone https://github.com/A3h1nt/Subcert.git Step 3: Install Dependencies pip3 install -r requirements.txt Step 4: Move the Directory to /opt mv subcert /opt/ Step 5: Add anRead More

APT-Hunter – Threat Hunting Tool For Windows Event Logs Which Made By Purple Team Mindset To Provide Detect APT Movements Hidden In The Sea Of Windows Event Logs To Decrease The Time To Uncover Suspicious Activity

25 Feb 2021 By

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity . this tool will make a good use of the windows event logs collected and make sure to notRead More

X