ahmedkhlief/APT-Hunter

EVTX-ATTACK-SAMPLES

V0lundr opened this issue · 5 comments

Hi, first of all an awesome job. I've been trying to use https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES for testing but unfortunately I was not able to do it. What would be the correct approach, if possible at all? Thanks a lot.

I tried this too. You'd have to correctly identify the log channel of the EVTX files used in the repo. If you do so and the use-case is covered, you'll get your results.

Ok, yes, you're right @SyeedHasan. I was actually trying this:
python3 APT-Hunter.py -t evtx -p logs/ -o logs/project1 (in the folder logs I put the Zerologon_CVE-2020-1472_DFIR_System_NetLogon_Error_EventID_5805.evtx logs).
Later, I tried:
python3 APT-Hunter.py -t evtx --system logs/Zerologon_CVE-2020-1472_DFIR_System_NetLogon_Error_EventID_5805.evtx -o logs/project1 (since these are system logs) and it worked.

Great stuff, thanks.

Guys, thanks for this valuable information. If you can suggest use cases based on your tests it would be awesome and I will try to add them ASAP.

The repo @V0lundr mentioned has tons of use-cases. It'll be a hard time implementing them all but maybe a priority basis would work well for you. I'd love to chip in some use-cases too; hopefully I can find the extra time.