
CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"


Detecting-Adversarial-Tradecrafts-Tools-by-leveraging-ETW

⚠️ The workshop is still in Progress, more tools and modules will be added in the upcoming weeks as they are covered.


To set up HELK, please refer to the following video: https://drive.google.com/drive/folders/11ELLPmjHy6c3IuV9MJAlWMif0Y2kXlEq

Workshop Outline

  • ETW Basics and Setup with HELK
  • Playing around with multiple ETW Providers
  • Weaponizing ETW-TI for Detection
  • Detecting various "Defense Evasion" Techniques (PPID Spoofing)
  • Detecting various "Defense Evasion" Techniques (Command Line Spoofing)
  • Detecting .NET Tools and Attack Techniques (AppDomain Abuse, SharpPick etc.)
  • Detecting LOLBAS, BYOL & BYOI Techniques
  • Detecting Techniques leveraged by various C2 Agents

Tools Used

  • HELK: https://github.com/Cyb3rWard0g/HELK
  • SilkETW: https://github.com/mandiant/SilkETW
  • Sealighter (v1.5): https://github.com/pathtofile/Sealighter
  • WEPExplorer: https://github.com/lallousx86/WinTools/tree/master/WEPExplorer
  • ETW-Event-Dumper: https://github.com/woanware/etw-event-dumper
