This repository is a collection of Windows event log (EVTX) samples associated with specific attack and post-exploitation techniques. It can be useful for:
- Testing your detection scripts based on EVTX parsing
- Training on DFIR and threat hunting using event logs
- Designing detection use cases using Windows and Sysmon event logs
- Avoiding or bypassing the noisier techniques if you are a red teamer
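As an added illustration of the first and third use cases (this is example code, not part of the repository), the script below parses Windows/Sysmon events rendered as event XML and runs a simple detection rule over them. It assumes the samples have first been converted from binary EVTX to the standard Windows event XML schema (for instance with python-evtx's evtx_dump.py or PowerShell's Get-WinEvent); the three records embedded in the script are constructed here so it runs offline, and the rule names, hostnames and record IDs are illustrative.

```python
"""Run a detection rule over Windows/Sysmon events rendered as event XML.

Added example, not code from the EVTX samples repository. Real EVTX files can
be converted to this XML form with python-evtx (evtx_dump.py) or Get-WinEvent;
the records below are constructed so the script runs offline.
"""
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Namespace of every <Event> element in Windows event XML.
EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

# Constructed sample records modelled on the Windows event XML schema:
# 101: Sysmon EID 1, WINWORD.EXE spawning cmd.exe (should fire)
# 102: Sysmon EID 1, explorer.exe spawning notepad.exe (benign)
# 103: Security 4688 with the same parent/child (different provider and
#      field names, so the Sysmon-only rule below deliberately ignores it)
SAMPLE_XML = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
    <EventRecordID>101</EventRecordID><Channel>Microsoft-Windows-Sysmon/Operational</Channel>
    <Computer>WS01.lab.local</Computer></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
    <EventRecordID>102</EventRecordID><Channel>Microsoft-Windows-Sysmon/Operational</Channel>
    <Computer>WS01.lab.local</Computer></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
    <Data Name="CommandLine">notepad.exe notes.txt</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4688</EventID>
    <EventRecordID>103</EventRecordID><Channel>Security</Channel>
    <Computer>WS01.lab.local</Computer></System>
  <EventData>
    <Data Name="NewProcessName">C:\Windows\System32\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="ParentProcessName">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  </EventData>
</Event>
</Events>"""


def parse_events(xml_text):
    """Flatten each <Event> into a dict: System fields plus EventData Name->value."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iter(f"{{{EVT_NS}}}Event"):
        system = ev.find("e:System", NS)
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        events.append({
            "provider": system.find("e:Provider", NS).get("Name"),
            "event_id": int(system.findtext("e:EventID", namespaces=NS)),
            "record_id": int(system.findtext("e:EventRecordID", namespaces=NS)),
            "channel": system.findtext("e:Channel", namespaces=NS),
            "computer": system.findtext("e:Computer", namespaces=NS),
            "data": data,
        })
    return events


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(win_path):
    """Lower-cased file name of a Windows path; works on any host OS."""
    return PureWindowsPath(win_path).name.lower()


def rule_office_spawns_shell(ev):
    """Sysmon EID 1 where an Office application is the parent of a shell/script host."""
    if ev["provider"] != "Microsoft-Windows-Sysmon" or ev["event_id"] != 1:
        return False
    d = ev["data"]
    return (basename(d.get("ParentImage", "")) in OFFICE_APPS
            and basename(d.get("Image", "")) in SHELLS)


RULES = {"office_app_spawns_shell": rule_office_spawns_shell}  # illustrative rule name


def run_rules(events, rules=RULES):
    """Return (rule_name, computer, record_id) for every event a rule matches."""
    return [(name, ev["computer"], ev["record_id"])
            for ev in events for name, fn in rules.items() if fn(ev)]


if __name__ == "__main__":
    for hit in run_rules(parse_events(SAMPLE_XML)):
        print(hit)
```

Note that record 103 carries the same parent/child pair as record 101 but does not fire: Security 4688 uses `NewProcessName`/`ParentProcessName` rather than Sysmon's `Image`/`ParentImage`, so a rule written against one source needs a separate field mapping to cover the other. Testing against both channels is exactly where samples like these help.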
N.B.: Mapping has been done at the level of ATT&CK technique (not procedure).
Details of the EVTX content mapped to MITRE ATT&CK tactics are documented separately, along with a statistics summary and an ATT&CK Navigator overview of the covered TTPs.
Usage of the content of this repository for commercial purposes (e.g. tools, paid trainings, paid labs, etc.) is not authorized without prior formal written consent from the repository's owner.