Windows EVTX Samples [More than 130 EVTX examples]:
This is a container for windows events samples associated to specific attack and post-exploitation techniques. Can be useful for:
- Testing your detection scripts based on EVTX parsing
- Training on DFIR and threat hunting using event logs
- Designing detection use cases using Windows and Sysmon event logs
- Avoid/Bypass the noisy techniques if you are a redteamer
For a detailed overview of covered attack TTPs and their mapping to MITRE ATT&CK TTPs check this spreadsheet:
https://docs.google.com/spreadsheets/d/1DOehPeGlUQOsf6HRNT2tsLxNiUQS-kE0GtDE8mcbi8A/edit?usp=sharing
N.B: Mapping has been done to the level of ATT&CK technique, some items are marked in grey, meaning couldn’t found a closer TTP that achieves the same objective.
Below a summarized overview of the covered TTPs using attack-navigator:
Download
git clone https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES.git
Copyright (C) 2019 sbousseaden
