├── .github └── CODEOWNERS ├── .gitignore ├── .gitmodules ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── docs └── updating-sigma-rules.md ├── index.html ├── package.json ├── public └── sun.svg ├── sample-evtx.xml ├── samples └── EVTX-ATTACK-SAMPLES │ ├── .gitignore │ ├── AIEvent.jpg │ ├── AutomatedTestingTools │ ├── Malware │ │ ├── DE_timestomp_and_dll_sideloading_and_RunPersist.evtx │ │ ├── readme.md │ │ ├── rundll32_cmd_schtask.evtx │ │ ├── rundll32_hollowing_wermgr_masquerading.evtx │ │ ├── sideloading_injection_persistence_run_key.evtx │ │ └── sideloading_uacbypass_rundll32_injection_c2.evtx │ ├── PanacheSysmon_vs_AtomicRedTeam01.evtx │ ├── WinDefender_Events_1117_1116_AtomicRedTeam.evtx │ ├── panache_sysmon_vs_EDRTestingScript.evtx │ └── readme.md │ ├── Command and Control │ ├── DE_RDP_Tunnel_5156.evtx │ ├── DE_RDP_Tunneling_4624.evtx │ ├── DE_RDP_Tunneling_TerminalServices-RemoteConnectionManagerOperational_1149.evtx │ ├── DE_sysmon-3-rdp-tun.evtx │ ├── bits_openvpn.evtx │ ├── cmds over dns txt queries and reponses.pcap │ ├── readme.md │ ├── tunna_iis_rdp_smb_tunneling_sysmon_3.evtx │ └── web_attack_and_isp_webshell_localhost_access_log.txt │ ├── Credential Access │ ├── 4794_DSRM_password_change_t1098.evtx │ ├── ACL_ForcePwd_SPNAdd_User_Computer_Accounts.evtx │ ├── CA_4624_4625_LogonType2_LogonProc_chrome.evtx │ ├── CA_DCSync_4662.evtx │ ├── CA_Mimikatz_Memssp_Default_Logs_Sysmon_11.evtx │ ├── CA_PetiPotam_etw_rpc_efsr_5_6.evtx │ ├── CA_chrome_firefox_opera_4663.evtx │ ├── CA_hashdump_4663_4656_lsass_access.evtx │ ├── CA_keefarce_keepass_credump.evtx │ ├── CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx │ ├── CA_protectedstorage_5145_rpc_masterkey.evtx │ ├── CA_sysmon_hashdump_cmd_meterpreter.evtx │ ├── CA_teamviewer-dumper_sysmon_10.evtx │ ├── LsassSilentProcessExit_process_exit_monitor_3001_lsass.evtx │ ├── MSSQL_multiple_failed_logon_EventID_18456.evtx │ ├── Powershell_4104_MiniDumpWriteDump_Lsass.evtx │ ├── Sysmon13_MachineAccount_Password_Hash_Changed_via_LsarSetSecret.evtx │ ├── Sysmon_13_Local_Admin_Password_Changed.evtx │ ├── Zerologon_CVE-2020-1472_DFIR_System_NetLogon_Error_EventID_5805.evtx │ ├── Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx │ ├── babyshark_mimikatz_powershell.evtx │ ├── dc_applog_ntdsutil_dfir_325_326_327.evtx │ ├── discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx │ ├── etw_ad_netlogon_provider_zerologon_mimikatz.etl │ ├── etw_rpc_zerologon.evtx │ ├── kerberos_pwd_spray_4771.evtx │ ├── phish_windows_credentials_powershell_scriptblockLog_4104.evtx │ ├── ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx │ ├── remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx │ ├── remote_sam_registry_access_via_backup_operator_priv.evtx │ ├── sysmon17_18_kekeo_tsssp_default_np.evtx │ ├── sysmon_10_11_lsass_memdump.evtx │ ├── sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx │ ├── sysmon_10_1_memdump_comsvcs_minidump.evtx │ ├── sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx │ ├── sysmon_13_keylogger_directx.evtx │ ├── sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx │ ├── sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx │ ├── sysmon_rdrleakdiag_lsass_dump.evtx │ └── tutto_malseclogon.evtx │ ├── Defense Evasion │ ├── DE_104_system_log_cleared.evtx │ ├── DE_1102_security_log_cleared.evtx │ ├── DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx │ ├── DE_EventLog_Service_Crashed.evtx │ ├── DE_Fake_ComputerAccount_4720.evtx │ ├── DE_KernelDebug_and_TestSigning_ON_Security_4826.evtx │ ├── DE_Powershell_CLM_Disabled_Sysmon_12.evtx │ ├── DE_ProcessHerpaderping_Sysmon_11_10_1_7.evtx │ ├── DE_UAC_Disabled_Sysmon_12_13.evtx │ ├── DE_WinEventLogSvc_Crash_System_7036.evtx │ ├── DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx │ ├── DE_renamed_psexec_service_sysmon_17_18.evtx │ ├── DE_suspicious_remote_eventlog_svc_access_5145.evtx │ ├── DE_xp_cmdshell_enabled_MSSQL_EID_15457.evtx │ ├── DSE_bypass_BYOV_TDL_dummydriver_sysmon_6_7_13.evtx │ ├── Sysmon 7 Update Session Orchestrator Dll Hijack.evtx │ ├── Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx │ ├── Sysmon_10_Evasion_Suspicious_NtOpenProcess_CallTrace.evtx │ ├── Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx │ ├── Win_4985_T1186_Process_Doppelganging.evtx │ ├── apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx │ ├── de_PsScriptBlockLogging_disabled_sysmon12_13.evtx │ ├── de_hiding_files_via_attrib_cmdlet.evtx │ ├── de_portforward_netsh_rdp_sysmon_13_1.evtx │ ├── de_powershell_execpolicy_changed_sysmon_13.evtx │ ├── de_sysmon_13_VBA_Security_AccessVBOM.evtx │ ├── de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx │ ├── evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx │ ├── evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx │ ├── faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx │ ├── meterpreter_migrate_to_explorer_sysmon_8.evtx │ ├── process_suspend_sysmon_10_ga_800.evtx │ ├── sideloading_wwlib_sysmon_7_1_11.evtx │ ├── sysmon_10_1_ppid_spoofing.evtx │ ├── sysmon_13_rdp_settings_tampering.evtx │ └── sysmon_2_11_evasion_timestomp_MACE.evtx │ ├── Discovery │ ├── 4799_remote_local_groups_enumeration.evtx │ ├── Discovery_Remote_System_NamedPipes_Sysmon_18.evtx │ ├── dicovery_4661_net_group_domain_admins_target.evtx │ ├── discovery_UEFI_Settings_rweverything_sysmon_6.evtx │ ├── discovery_bloodhound.evtx │ ├── discovery_enum_shares_target_sysmon_3_18.evtx │ ├── discovery_local_user_or_group_windows_security_4799_4798.evtx │ ├── discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx │ ├── discovery_psloggedon.evtx │ ├── discovery_sysmon_18_Invoke_UserHunter_NetSessionEnum_DC-srvsvc.evtx │ └── discovery_sysmon_3_Invoke_UserHunter_SourceMachine.evtx │ ├── EVTX_ATT&CK_Metadata │ ├── EVTX_Metadata.ipynb │ ├── Evtx │ │ ├── BinaryParser.py │ │ ├── Evtx.py │ │ ├── Nodes.py │ │ ├── Views.py │ │ ├── __init__.py │ │ └── __pycache__ │ │ │ ├── BinaryParser.cpython-39.pyc │ │ │ ├── Evtx.cpython-39.pyc │ │ │ ├── Nodes.cpython-39.pyc │ │ │ ├── Views.cpython-39.pyc │ │ │ └── __init__.cpython-39.pyc │ ├── README.md │ ├── image_bar.png │ ├── image_barh.png │ ├── image_pie.png │ └── sankey.png │ ├── EVTX_DataSet_Stats.PNG │ ├── Execution │ ├── Exec_sysmon_meterpreter_reversetcp_msipackage.evtx │ ├── Exec_via_cpl_Application_Experience_EventID_17_ControlPanelApplet.evtx │ ├── Sysmon_Exec_CompiledHTML.evtx │ ├── Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx │ ├── evasion_execution_imageload_wuauclt_lolbas.evtx │ ├── exec_driveby_cve-2018-15982_sysmon_1_10.evtx │ ├── exec_msxsl_xsl_sysmon_1_7.evtx │ ├── exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx │ ├── exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx │ ├── exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx │ ├── exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx │ ├── exec_sysmon_1_7_jscript9_defense_evasion.evtx │ ├── exec_sysmon_1_ftp.evtx │ ├── exec_sysmon_1_lolbin_pcalua.evtx │ ├── exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx │ ├── exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx │ ├── exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx │ ├── exec_sysmon_lobin_regsvr32_sct.evtx │ ├── exec_wmic_xsl_internet_sysmon_3_1_11.evtx │ ├── execution_evasion_visual_studio_prebuild_event.evtx │ ├── revshell_cmd_svchost_sysmon_1.evtx │ ├── rogue_msi_url_1040_1042.evtx │ ├── susp_explorer_exec.evtx │ ├── susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx │ ├── sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx │ ├── sysmon_1_11_rundll32_cpl_ostap.evtx │ ├── sysmon_exec_from_vss_persistence.evtx │ ├── sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx │ ├── sysmon_lolbin_bohops_vshadow_exec.evtx │ ├── sysmon_mshta_sharpshooter_stageless_meterpreter.evtx │ ├── sysmon_vbs_sharpshooter_stageless_meterpreter.evtx │ ├── sysmon_zipexec.evtx │ ├── temp_scheduled_task_4698_4699.evtx │ └── windows_bits_4_59_60_lolbas desktopimgdownldr.evtx │ ├── HeatMap.PNG │ ├── LICENSE.GPL │ ├── Lateral Movement │ ├── DFIR_RDP_Client_TimeZone_RdpCoreTs_104_example.evtx │ ├── ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx │ ├── LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx │ ├── LM_5145_Remote_FileCopy.evtx │ ├── LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx │ ├── LM_ImageLoad_NFSH_Sysmon_7.evtx │ ├── LM_NewShare_Added_Sysmon_12_13.evtx │ ├── LM_PowershellRemoting_sysmon_1_wsmprovhost.evtx │ ├── LM_REMCOM_5145_TargetHost.evtx │ ├── LM_Remote_Service01_5145_svcctl.evtx │ ├── LM_Remote_Service02_7045.evtx │ ├── LM_ScheduledTask_ATSVC_target_host.evtx │ ├── LM_WMIC_4648_rpcss.evtx │ ├── LM_WMI_4624_4688_TargetHost.evtx │ ├── LM_add_new_namedpipe_tp_nullsession_registry_turla_like_ttp.evtx │ ├── LM_dcom_shwnd_shbrwnd_mmc20_failed_traces_system_10016.evtx │ ├── LM_impacket_docmexec_mmc_sysmon_01.evtx │ ├── LM_regsvc_DirectoryServiceExtPt_Lsass_NTDS_AdamXpn.evtx │ ├── LM_renamed_psexecsvc_5145.evtx │ ├── LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx │ ├── LM_sysmon_3_12_13_1_SharpRDP.evtx │ ├── LM_sysmon_3_DCOM_ShellBrowserWindow_ShellWindows.evtx │ ├── LM_sysmon_psexec_smb_meterpreter.evtx │ ├── LM_sysmon_remote_task_src_powershell.evtx │ ├── LM_tsclient_startup_folder.evtx │ ├── LM_typical_IIS_webshell_sysmon_1_10_traces.evtx │ ├── LM_winrm_exec_sysmon_1_winrshost.evtx │ ├── LM_winrm_target_wrmlogs_91_wsmanShellStarted_poorLog.evtx │ ├── LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx │ ├── LM_wmiexec_impacket_sysmon_whoami.evtx │ ├── LM_xp_cmdshell_MSSQL_Events.evtx │ ├── MSSQL_15281_xp_cmdshell_exec_failed_attempt.evtx │ ├── RemotePowerShell_MS_Windows-Remote_Management_EventID_169.evtx │ ├── dfir_rdpsharp_target_RdpCoreTs_168_68_131.evtx │ ├── lateral_movement_startup_3_11.evtx │ ├── lm_remote_registry_sysmon_1_13_3.evtx │ ├── lm_sysmon_18_remshell_over_namedpipe.evtx │ ├── net_share_drive_5142.evtx │ ├── powercat_revShell_sysmon_1_3.evtx │ ├── remote task update 4624 4702 same logonid.evtx │ ├── remote_file_copy_system_proc_file_write_sysmon_11.evtx │ ├── sharprdp_sysmon_7_mstscax.dll.evtx │ ├── smb_bi_auth_conn_spoolsample.evtx │ ├── smbmap_upload_exec_sysmon.evtx │ ├── spoolsample_5145.evtx │ ├── sysmon_1_exec_via_sql_xpcmdshell.evtx │ └── wmi_remote_registry_sysmon.evtx │ ├── Other │ ├── emotet │ │ ├── README.md │ │ ├── exec_emotet_ps_4104.evtx │ │ ├── exec_emotet_ps_800_get-item.evtx │ │ ├── exec_emotet_ps_800_invoke-item.evtx │ │ ├── exec_emotet_ps_800_new-item.evtx │ │ ├── exec_emotet_ps_800_new-object.evtx │ │ └── exec_emotet_sysmon_1.evtx │ ├── maldoc_mshta_via_shellbrowserwind_rundll32.evtx │ ├── netlogon_log_CVE-2020-1472_ZeroLogon.txt │ └── rdpcorets_148_mst120_bluekeep_rpdscan_full.evtx │ ├── Persistence │ ├── DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx │ ├── Network_Service_Guest_added_to_admins_4732.evtx │ ├── Persistence_Shime_Microsoft-Windows-Application-Experience_Program-Telemetry_500.evtx │ ├── Persistence_Winsock_Catalog Change EventId_1.evtx │ ├── evasion_persis_hidden_run_keyvalue_sysmon_13.evtx │ ├── persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx │ ├── persist_firefox_comhijack_sysmon_11_13_7_1.evtx │ ├── persist_turla_outlook_backdoor_comhijack.evtx │ ├── persist_valid_account_guest_rid_hijack.evtx │ ├── persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx │ ├── persistence_accessibility_features_osk_sysmon1.evtx │ ├── persistence_hidden_local_account_sysmon.evtx │ ├── persistence_pendingGPO_sysmon_13.evtx │ ├── persistence_security_dcshadow_4742.evtx │ ├── persistence_startup_UserShellStartup_Folder_Changed_sysmon_13.evtx │ ├── persistence_sysmon_11_13_1_shime_appfix.evtx │ ├── sysmon_13_1_persistence_via_winlogon_shell.evtx │ ├── sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx │ ├── sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx │ ├── sysmon_20_21_1_CommandLineEventConsumer.evtx │ ├── sysmon_local_account_creation_and_added_admingroup_12_13.evtx │ └── wmighost_sysmon_20_21_1.evtx │ ├── Privilege Escalation │ ├── 4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx │ ├── 4765_sidhistory_add_t1178.evtx │ ├── CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx │ ├── EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx │ ├── Invoke_TokenDuplication_UAC_Bypass4624.evtx │ ├── NTLM2SelfRelay-med0x2e-security_4624_4688.evtx │ ├── PrivEsc_CVE-2020-1313_Sysmon_13_UScheduler_Cmdline.evtx │ ├── PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx │ ├── PrivEsc_NetSvc_SessionToken_Retrival_via_localSMB_Auth_5145.evtx │ ├── PrivEsc_SeImpersonatePriv_enabled_back_for_upnp_localsvc_4698.evtx │ ├── RogueWinRM.evtx │ ├── Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx │ ├── Sysmon_13_1_UACBypass_SDCLTBypass.evtx │ ├── Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx │ ├── Sysmon_UACME_22.evtx │ ├── Sysmon_UACME_23.evtx │ ├── Sysmon_UACME_30.evtx │ ├── Sysmon_UACME_32.evtx │ ├── Sysmon_UACME_33.evtx │ ├── Sysmon_UACME_34.evtx │ ├── Sysmon_UACME_36_FileCreate.evtx │ ├── Sysmon_UACME_37_FileCreate.evtx │ ├── Sysmon_UACME_38.evtx │ ├── Sysmon_UACME_39.evtx │ ├── Sysmon_UACME_41.evtx │ ├── Sysmon_UACME_43.evtx │ ├── Sysmon_UACME_45.evtx │ ├── Sysmon_UACME_53.evtx │ ├── Sysmon_UACME_54.evtx │ ├── Sysmon_UACME_56.evtx │ ├── Sysmon_UACME_63.evtx │ ├── Sysmon_UACME_64.evtx │ ├── Sysmon_uacme_58.evtx │ ├── System_7045_namedpipe_privesc.evtx │ ├── UACME_59_Sysmon.evtx │ ├── UACME_61_Changepk.evtx │ ├── eop_appcontainer_il_broker_filewrite.evtx │ ├── privesc_KrbRelayUp_windows_4624.evtx │ ├── privesc_registry_symlink_CVE-2020-1377.evtx │ ├── privesc_roguepotato_sysmon_17_18.evtx │ ├── privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx │ ├── privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx │ ├── privesc_spoolfool_mahdihtm_sysmon_1_11_7_13.evtx │ ├── privesc_spoolsv_spl_file_write_sysmon11.evtx │ ├── privesc_sysmon_cve_20201030_spooler.evtx │ ├── privesc_unquoted_svc_sysmon_1_11.evtx │ ├── privexchange_dirkjan.evtx │ ├── samaccount_spoofing_CVE-2021-42287_CVE-2021-42278_DC_securitylogs.evtx │ ├── security_4624_4673_token_manip.evtx │ ├── sysmon_11_1_15_WScriptBypassUAC.evtx │ ├── sysmon_11_1_7_uacbypass_cliconfg.evtx │ ├── sysmon_11_7_1_uacbypass_windirectory_mocking.evtx │ ├── sysmon_13_1_12_11_perfmonUACBypass.evtx │ ├── sysmon_13_1_compmgmtlauncherUACBypass.evtx │ ├── sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx │ ├── sysmon_1_11_exec_as_system_via_schedtask.evtx │ ├── sysmon_1_13_11_cmstp_ini_uacbypass.evtx │ ├── sysmon_1_13_UACBypass_AppPath_Control.evtx │ ├── sysmon_1_7_11_mcx2prov_uacbypass.evtx │ ├── sysmon_1_7_11_migwiz.evtx │ ├── sysmon_1_7_11_sysprep_uacbypass.evtx │ ├── sysmon_1_7_elevate_uacbypass_sysprep.evtx │ ├── sysmon_privesc_from_admin_to_system_handle_inheritance.evtx │ ├── sysmon_privesc_psexec_dwell.evtx │ ├── sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx │ └── win10_4703_SeDebugPrivilege_enabled.evtx │ ├── README.md │ ├── UACME_59_Sysmon.evtx │ ├── evtx_data.csv │ ├── mitre_evtx_repo_map.png │ ├── temp-plot.html │ └── winlogbeat_example.yml ├── scripts ├── bundle-chainsaw-rules.js ├── bundle-sigma-rules.js └── sync-sigma.js ├── src ├── App.tsx ├── components │ ├── AnalysisSelector.css │ ├── AnalysisSelector.tsx │ ├── Dashboard.css │ ├── Dashboard.tsx │ ├── Dashboards.css │ ├── Dashboards.tsx │ ├── ErrorBoundary.css │ ├── ErrorBoundary.tsx │ ├── EventCorrelation.css │ ├── EventCorrelation.tsx │ ├── EventDetailsModal.css │ ├── EventDetailsModal.tsx │ ├── ExportReport.css │ ├── ExportReport.tsx │ ├── FileBreakdownStats.css │ ├── FileBreakdownStats.tsx │ ├── FileDropZone.css │ ├── FileDropZone.tsx │ ├── FileFilter.css │ ├── FileFilter.tsx │ ├── IOCExtractor.css │ ├── IOCExtractor.tsx │ ├── LLMAnalysis.css │ ├── LLMAnalysis.tsx │ ├── LLMSettings.css │ ├── LLMSettings.tsx │ ├── LoadingState.css │ ├── LoadingState.tsx │ ├── ProcessExecutionDashboard.css │ ├── ProcessExecutionDashboard.tsx │ ├── RawLogsView.tsx │ ├── SampleSelector.css │ ├── SampleSelector.tsx │ ├── SessionManager.css │ ├── SessionManager.tsx │ ├── SigmaDetections.css │ ├── SigmaDetections.tsx │ ├── SigmaPlatformSelector.css │ ├── SigmaPlatformSelector.tsx │ ├── SigmaRuleLoader.css │ ├── SigmaRuleLoader.tsx │ ├── Timeline.css │ └── Timeline.tsx ├── evtxBinaryParser.ts ├── index.css ├── lib │ ├── correlationEngine.ts │ ├── evtxWasmParser.ts │ ├── exportReport.ts │ ├── fileColors.ts │ ├── legitimateProcesses.ts │ ├── levenshtein.ts │ ├── llm │ │ ├── dataFormatter.ts │ │ ├── index.ts │ │ ├── llmService.ts │ │ ├── providers │ │ │ ├── anthropic.ts │ │ │ ├── google.ts │ │ │ ├── ollama.ts │ │ │ ├── openai.ts │ │ │ └── types.ts │ │ └── storage │ │ │ ├── apiKeys.ts │ │ │ └── conversations.ts │ ├── sampleDataGenerator.ts │ ├── sessionStorage.ts │ ├── sigma │ │ ├── SigmaEngine.ts │ │ ├── engine │ │ │ ├── compiler.ts │ │ │ ├── matcher.ts │ │ │ ├── modifiers.ts │ │ │ └── optimizedMatcher.ts │ │ ├── index.ts │ │ ├── parser │ │ │ ├── conditionParser.ts │ │ │ └── yamlParser.ts │ │ ├── rules │ │ │ └── mimikatz.yml │ │ ├── types.ts │ │ └── utils │ │ │ ├── autoLoadRules.ts │ │ │ └── ruleLoader.ts │ ├── sigmaEngine.ts │ ├── sigmaRules.ts │ └── virusTotal.ts ├── main.tsx ├── parser.ts ├── sigma-appendix-taxonomy.md ├── types.ts ├── vite-env.d.ts └── wasm │ ├── evtx_wasm.d.ts │ ├── evtx_wasm.js │ └── evtx_wasm_bg.wasm ├── tsconfig.json ├── tsconfig.node.json └── vite.config.ts /.github/CODEOWNERS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/.github/CODEOWNERS -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/.gitmodules -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/README.md -------------------------------------------------------------------------------- /docs/updating-sigma-rules.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/docs/updating-sigma-rules.md -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/index.html -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/package.json -------------------------------------------------------------------------------- /public/sun.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/public/sun.svg -------------------------------------------------------------------------------- /sample-evtx.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/sample-evtx.xml -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/.gitignore -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AIEvent.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AIEvent.jpg -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/DE_timestomp_and_dll_sideloading_and_RunPersist.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/readme.md -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_cmd_schtask.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/rundll32_hollowing_wermgr_masquerading.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_injection_persistence_run_key.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/Malware/sideloading_uacbypass_rundll32_injection_c2.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/PanacheSysmon_vs_AtomicRedTeam01.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/WinDefender_Events_1117_1116_AtomicRedTeam.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/panache_sysmon_vs_EDRTestingScript.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/AutomatedTestingTools/readme.md -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunnel_5156.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_4624.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_TerminalServices-RemoteConnectionManagerOperational_1149.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_RDP_Tunneling_TerminalServices-RemoteConnectionManagerOperational_1149.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/DE_sysmon-3-rdp-tun.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/bits_openvpn.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/cmds over dns txt queries and reponses.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/cmds over dns txt queries and reponses.pcap -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/readme.md -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/tunna_iis_rdp_smb_tunneling_sysmon_3.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/tunna_iis_rdp_smb_tunneling_sysmon_3.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Command and Control/web_attack_and_isp_webshell_localhost_access_log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Command and Control/web_attack_and_isp_webshell_localhost_access_log.txt -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/4794_DSRM_password_change_t1098.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/4794_DSRM_password_change_t1098.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/ACL_ForcePwd_SPNAdd_User_Computer_Accounts.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/ACL_ForcePwd_SPNAdd_User_Computer_Accounts.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_4624_4625_LogonType2_LogonProc_chrome.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_DCSync_4662.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_DCSync_4662.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_Mimikatz_Memssp_Default_Logs_Sysmon_11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_Mimikatz_Memssp_Default_Logs_Sysmon_11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_PetiPotam_etw_rpc_efsr_5_6.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_chrome_firefox_opera_4663.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_chrome_firefox_opera_4663.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_hashdump_4663_4656_lsass_access.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_hashdump_4663_4656_lsass_access.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_keefarce_keepass_credump.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_keefarce_keepass_credump.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_keepass_KeeThief_Get-KeePassDatabaseKey.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_protectedstorage_5145_rpc_masterkey.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_protectedstorage_5145_rpc_masterkey.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_sysmon_hashdump_cmd_meterpreter.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_teamviewer-dumper_sysmon_10.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/CA_teamviewer-dumper_sysmon_10.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/LsassSilentProcessExit_process_exit_monitor_3001_lsass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/LsassSilentProcessExit_process_exit_monitor_3001_lsass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/MSSQL_multiple_failed_logon_EventID_18456.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/MSSQL_multiple_failed_logon_EventID_18456.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/Powershell_4104_MiniDumpWriteDump_Lsass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/Powershell_4104_MiniDumpWriteDump_Lsass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/Sysmon13_MachineAccount_Password_Hash_Changed_via_LsarSetSecret.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/Sysmon13_MachineAccount_Password_Hash_Changed_via_LsarSetSecret.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/Sysmon_13_Local_Admin_Password_Changed.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/Sysmon_13_Local_Admin_Password_Changed.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_CVE-2020-1472_DFIR_System_NetLogon_Error_EventID_5805.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_CVE-2020-1472_DFIR_System_NetLogon_Error_EventID_5805.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/Zerologon_VoidSec_CVE-2020-1472_4626_LT3_Anonym_follwedby_4742_DC_Anony_DC.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/babyshark_mimikatz_powershell.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/dc_applog_ntdsutil_dfir_325_326_327.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/dc_applog_ntdsutil_dfir_325_326_327.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/discovery_sysmon_1_iis_pwd_and_config_discovery_appcmd.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/etw_ad_netlogon_provider_zerologon_mimikatz.etl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/etw_ad_netlogon_provider_zerologon_mimikatz.etl -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/etw_rpc_zerologon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/etw_rpc_zerologon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/kerberos_pwd_spray_4771.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/phish_windows_credentials_powershell_scriptblockLog_4104.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/phish_windows_credentials_powershell_scriptblockLog_4104.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/ppl_bypass_ppldump_knowdll_hijack_sysmon_security.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/remote_sam_registry_access_via_backup_operator_priv.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/remote_sam_registry_access_via_backup_operator_priv.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon17_18_kekeo_tsssp_default_np.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon17_18_kekeo_tsssp_default_np.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_lsass_memdump.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_11_outlfank_dumpert_and_andrewspecial_memdump.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_1_memdump_comsvcs_minidump.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_10_lsass_mimikatz_sekurlsa_logonpasswords.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_13_keylogger_directx.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_13_keylogger_directx.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_2x10_lsass_with_different_pid_RtlCreateProcessReflection.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_3_10_Invoke-Mimikatz_hosted_Github.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/sysmon_rdrleakdiag_lsass_dump.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Credential Access/tutto_malseclogon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Credential Access/tutto_malseclogon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_104_system_log_cleared.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_104_system_log_cleared.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_1102_security_log_cleared.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_1102_security_log_cleared.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_BYOV_Zam64_CA_Memdump_sysmon_7_10.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_EventLog_Service_Crashed.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Fake_ComputerAccount_4720.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Fake_ComputerAccount_4720.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_KernelDebug_and_TestSigning_ON_Security_4826.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_KernelDebug_and_TestSigning_ON_Security_4826.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Powershell_CLM_Disabled_Sysmon_12.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_Powershell_CLM_Disabled_Sysmon_12.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_ProcessHerpaderping_Sysmon_11_10_1_7.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_ProcessHerpaderping_Sysmon_11_10_1_7.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_UAC_Disabled_Sysmon_12_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_UAC_Disabled_Sysmon_12_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_WinEventLogSvc_Crash_System_7036.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_WinEventLogSvc_Crash_System_7036.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_remote_eventlog_svc_crash_byt3bl33d3r_sysmon_17_1_3.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_renamed_psexec_service_sysmon_17_18.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_renamed_psexec_service_sysmon_17_18.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_suspicious_remote_eventlog_svc_access_5145.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_xp_cmdshell_enabled_MSSQL_EID_15457.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DE_xp_cmdshell_enabled_MSSQL_EID_15457.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DSE_bypass_BYOV_TDL_dummydriver_sysmon_6_7_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/DSE_bypass_BYOV_TDL_dummydriver_sysmon_6_7_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 Update Session Orchestrator Dll Hijack.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon 7 dllhijack_cdpsshims_CDPSvc.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_10_Evasion_Suspicious_NtOpenProcess_CallTrace.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_10_Evasion_Suspicious_NtOpenProcess_CallTrace.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Sysmon_12_DE_AntiForensics_MRU_DeleteKey.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Win_4985_T1186_Process_Doppelganging.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/Win_4985_T1186_Process_Doppelganging.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/apt10_jjs_sideloading_prochollowing_persist_as_service_sysmon_1_7_8_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_PsScriptBlockLogging_disabled_sysmon12_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_PsScriptBlockLogging_disabled_sysmon12_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_hiding_files_via_attrib_cmdlet.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_hiding_files_via_attrib_cmdlet.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_portforward_netsh_rdp_sysmon_13_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_powershell_execpolicy_changed_sysmon_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_powershell_execpolicy_changed_sysmon_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_sysmon_13_VBA_Security_AccessVBOM.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_sysmon_13_VBA_Security_AccessVBOM.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/de_unmanagedpowershell_psinject_sysmon_7_8_10.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_conhost_sysmon_10_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/evasion_codeinj_odzhan_spoolsv_sysmon_10_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/faxhell_sysmon_7_1_18_3_bindshell_dllhijack.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/meterpreter_migrate_to_explorer_sysmon_8.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/meterpreter_migrate_to_explorer_sysmon_8.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/process_suspend_sysmon_10_ga_800.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/process_suspend_sysmon_10_ga_800.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sideloading_wwlib_sysmon_7_1_11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_10_1_ppid_spoofing.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_13_rdp_settings_tampering.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_2_11_evasion_timestomp_MACE.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Defense Evasion/sysmon_2_11_evasion_timestomp_MACE.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/4799_remote_local_groups_enumeration.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/4799_remote_local_groups_enumeration.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/Discovery_Remote_System_NamedPipes_Sysmon_18.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/Discovery_Remote_System_NamedPipes_Sysmon_18.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/dicovery_4661_net_group_domain_admins_target.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_UEFI_Settings_rweverything_sysmon_6.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_UEFI_Settings_rweverything_sysmon_6.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_bloodhound.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_bloodhound.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_enum_shares_target_sysmon_3_18.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_enum_shares_target_sysmon_3_18.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_local_user_or_group_windows_security_4799_4798.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_local_user_or_group_windows_security_4799_4798.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_meterpreter_ps_cmd_process_listing_sysmon_10.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_psloggedon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_psloggedon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_18_Invoke_UserHunter_NetSessionEnum_DC-srvsvc.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_18_Invoke_UserHunter_NetSessionEnum_DC-srvsvc.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_3_Invoke_UserHunter_SourceMachine.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Discovery/discovery_sysmon_3_Invoke_UserHunter_SourceMachine.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/EVTX_Metadata.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/EVTX_Metadata.ipynb -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/BinaryParser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/BinaryParser.py -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/Evtx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/Evtx.py -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/Nodes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/Nodes.py -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/Views.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/Views.py -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__init__.py -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/BinaryParser.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/BinaryParser.cpython-39.pyc -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/Evtx.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/Evtx.cpython-39.pyc -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/Nodes.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/Nodes.cpython-39.pyc -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/Views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/Views.cpython-39.pyc -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/Evtx/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/README.md -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/image_bar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/image_bar.png -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/image_barh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/image_barh.png -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/image_pie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/image_pie.png -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/sankey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_ATT&CK_Metadata/sankey.png -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/EVTX_DataSet_Stats.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/EVTX_DataSet_Stats.PNG -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/Exec_sysmon_meterpreter_reversetcp_msipackage.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/Exec_via_cpl_Application_Experience_EventID_17_ControlPanelApplet.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/Exec_via_cpl_Application_Experience_EventID_17_ControlPanelApplet.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/Sysmon_Exec_CompiledHTML.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/Sysmon_meterpreter_ReflectivePEInjection_to_notepad_.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/evasion_execution_imageload_wuauclt_lolbas.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/evasion_execution_imageload_wuauclt_lolbas.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_driveby_cve-2018-15982_sysmon_1_10.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_driveby_cve-2018-15982_sysmon_1_10.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_msxsl_xsl_sysmon_1_7.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_openurl_FileProtocolHandler.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_shdocvw_openurl.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_11_lolbin_rundll32_zipfldr_RouteTheCall.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_7_jscript9_defense_evasion.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_ftp.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_pcalua.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_lolbin_rundll32_advpack_RegisterOCX.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_1_rundll32_pcwutl_LaunchApplication.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_sysmon_lobin_regsvr32_sct.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/exec_wmic_xsl_internet_sysmon_3_1_11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/execution_evasion_visual_studio_prebuild_event.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/revshell_cmd_svchost_sysmon_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/rogue_msi_url_1040_1042.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/rogue_msi_url_1040_1042.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/susp_explorer_exec_root_cmdline_@rimpq_@CyberRaiju.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_11_1_lolbas_downldr_desktopimgdownldr.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_1_11_rundll32_cpl_ostap.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_exec_from_vss_persistence.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbas_rundll32_zipfldr_routethecall_shell.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_lolbin_bohops_vshadow_exec.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_mshta_sharpshooter_stageless_meterpreter.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_vbs_sharpshooter_stageless_meterpreter.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/sysmon_zipexec.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/temp_scheduled_task_4698_4699.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/temp_scheduled_task_4698_4699.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Execution/windows_bits_4_59_60_lolbas desktopimgdownldr.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Execution/windows_bits_4_59_60_lolbas desktopimgdownldr.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/HeatMap.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/HeatMap.PNG -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/LICENSE.GPL: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/LICENSE.GPL -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/DFIR_RDP_Client_TimeZone_RdpCoreTs_104_example.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/DFIR_RDP_Client_TimeZone_RdpCoreTs_104_example.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/ImpersonateUser-via local Pass The Hash Sysmon and Security.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_4624_mimikatz_sekurlsa_pth_source_machine.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_5145_Remote_FileCopy.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_DCOM_MSHTA_LethalHTA_Sysmon_3_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ImageLoad_NFSH_Sysmon_7.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ImageLoad_NFSH_Sysmon_7.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_NewShare_Added_Sysmon_12_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_NewShare_Added_Sysmon_12_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_PowershellRemoting_sysmon_1_wsmprovhost.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_PowershellRemoting_sysmon_1_wsmprovhost.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_REMCOM_5145_TargetHost.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_Remote_Service01_5145_svcctl.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_Remote_Service01_5145_svcctl.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_Remote_Service02_7045.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_Remote_Service02_7045.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_ScheduledTask_ATSVC_target_host.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMIC_4648_rpcss.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_WMI_4624_4688_TargetHost.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_add_new_namedpipe_tp_nullsession_registry_turla_like_ttp.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_add_new_namedpipe_tp_nullsession_registry_turla_like_ttp.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_dcom_shwnd_shbrwnd_mmc20_failed_traces_system_10016.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_dcom_shwnd_shbrwnd_mmc20_failed_traces_system_10016.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_impacket_docmexec_mmc_sysmon_01.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_regsvc_DirectoryServiceExtPt_Lsass_NTDS_AdamXpn.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_regsvc_DirectoryServiceExtPt_Lsass_NTDS_AdamXpn.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_renamed_psexecsvc_5145.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_1_12_13_3_tsclient_SharpRdp.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_12_13_1_SharpRDP.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_DCOM_ShellBrowserWindow_ShellWindows.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_3_DCOM_ShellBrowserWindow_ShellWindows.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_psexec_smb_meterpreter.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_remote_task_src_powershell.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_sysmon_remote_task_src_powershell.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_tsclient_startup_folder.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_tsclient_startup_folder.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_typical_IIS_webshell_sysmon_1_10_traces.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_exec_sysmon_1_winrshost.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_target_wrmlogs_91_wsmanShellStarted_poorLog.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_winrm_target_wrmlogs_91_wsmanShellStarted_poorLog.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmi_PoisonHandler_Mr-Un1k0d3r_sysmon_1_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_wmiexec_impacket_sysmon_whoami.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_xp_cmdshell_MSSQL_Events.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/LM_xp_cmdshell_MSSQL_Events.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/MSSQL_15281_xp_cmdshell_exec_failed_attempt.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/MSSQL_15281_xp_cmdshell_exec_failed_attempt.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/RemotePowerShell_MS_Windows-Remote_Management_EventID_169.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/RemotePowerShell_MS_Windows-Remote_Management_EventID_169.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/dfir_rdpsharp_target_RdpCoreTs_168_68_131.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/dfir_rdpsharp_target_RdpCoreTs_168_68_131.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/lateral_movement_startup_3_11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/lateral_movement_startup_3_11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_remote_registry_sysmon_1_13_3.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/lm_sysmon_18_remshell_over_namedpipe.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/net_share_drive_5142.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/net_share_drive_5142.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/powercat_revShell_sysmon_1_3.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/remote task update 4624 4702 same logonid.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/remote_file_copy_system_proc_file_write_sysmon_11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/sharprdp_sysmon_7_mstscax.dll.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/sharprdp_sysmon_7_mstscax.dll.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/smb_bi_auth_conn_spoolsample.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/smb_bi_auth_conn_spoolsample.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/smbmap_upload_exec_sysmon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/spoolsample_5145.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/spoolsample_5145.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/sysmon_1_exec_via_sql_xpcmdshell.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/sysmon_1_exec_via_sql_xpcmdshell.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Lateral Movement/wmi_remote_registry_sysmon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Lateral Movement/wmi_remote_registry_sysmon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/emotet/README.md: -------------------------------------------------------------------------------- 1 | ### links 2 | * https://app.any.run/tasks/6f234b9c-35dd-4659-be3c-f6ee6a6b1567/ 3 | -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_4104.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_4104.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_get-item.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_get-item.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_invoke-item.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_invoke-item.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_new-item.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_new-item.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_new-object.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_ps_800_new-object.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_sysmon_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/emotet/exec_emotet_sysmon_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/maldoc_mshta_via_shellbrowserwind_rundll32.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/maldoc_mshta_via_shellbrowserwind_rundll32.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/netlogon_log_CVE-2020-1472_ZeroLogon.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/netlogon_log_CVE-2020-1472_ZeroLogon.txt -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Other/rdpcorets_148_mst120_bluekeep_rpdscan_full.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Other/rdpcorets_148_mst120_bluekeep_rpdscan_full.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/DACL_DCSync_Right_Powerview_ Add-DomainObjectAcl.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/Network_Service_Guest_added_to_admins_4732.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/Network_Service_Guest_added_to_admins_4732.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Shime_Microsoft-Windows-Application-Experience_Program-Telemetry_500.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Shime_Microsoft-Windows-Application-Experience_Program-Telemetry_500.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/Persistence_Winsock_Catalog Change EventId_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/evasion_persis_hidden_run_keyvalue_sysmon_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/evasion_persis_hidden_run_keyvalue_sysmon_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persist_bitsadmin_Microsoft-Windows-Bits-Client-Operational.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persist_firefox_comhijack_sysmon_11_13_7_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persist_turla_outlook_backdoor_comhijack.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persist_turla_outlook_backdoor_comhijack.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persist_valid_account_guest_rid_hijack.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persist_valid_account_guest_rid_hijack.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_accessibility_features_osk_sysmon1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_hidden_local_account_sysmon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_hidden_local_account_sysmon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_pendingGPO_sysmon_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_pendingGPO_sysmon_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_security_dcshadow_4742.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_security_dcshadow_4742.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_startup_UserShellStartup_Folder_Changed_sysmon_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_startup_UserShellStartup_Folder_Changed_sysmon_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/persistence_sysmon_11_13_1_shime_appfix.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_13_1_persistence_via_winlogon_shell.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_persist_bitsjob_SetNotifyCmdLine.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_1_smss_child_proc_bootexecute_setupexecute.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_20_21_1_CommandLineEventConsumer.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_local_account_creation_and_added_admingroup_12_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/sysmon_local_account_creation_and_added_admingroup_12_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Persistence/wmighost_sysmon_20_21_1.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/4624 LT3 AnonymousLogon Localhost - JuicyPotato.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/4765_sidhistory_add_t1178.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/4765_sidhistory_add_t1178.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/CVE-2020-0796_SMBV3Ghost_LocalPrivEsc_Sysmon_3_1_10.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/EfsPotato_sysmon_17_18_privesc_seimpersonate_to_system.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Invoke_TokenDuplication_UAC_Bypass4624.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/NTLM2SelfRelay-med0x2e-security_4624_4688.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/NTLM2SelfRelay-med0x2e-security_4624_4688.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_CVE-2020-1313_Sysmon_13_UScheduler_Cmdline.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_CVE-2020-1313_Sysmon_13_UScheduler_Cmdline.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_Imperson_NetSvc_to_Sys_Decoder_Sysmon_1_17_18.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_NetSvc_SessionToken_Retrival_via_localSMB_Auth_5145.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_NetSvc_SessionToken_Retrival_via_localSMB_Auth_5145.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_SeImpersonatePriv_enabled_back_for_upnp_localsvc_4698.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/PrivEsc_SeImpersonatePriv_enabled_back_for_upnp_localsvc_4698.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/RogueWinRM.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Runas_4624_4648_Webshell_CreateProcessAsUserA.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UACBypass_SDCLTBypass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_13_1_UAC_Bypass_EventVwrBypass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_22.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_23.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_30.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_32.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_33.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_34.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_36_FileCreate.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_37_FileCreate.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_38.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_39.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_41.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_43.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_45.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_53.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_54.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_56.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_63.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_UACME_64.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/Sysmon_uacme_58.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/System_7045_namedpipe_privesc.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/System_7045_namedpipe_privesc.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_59_Sysmon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_61_Changepk.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/UACME_61_Changepk.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/eop_appcontainer_il_broker_filewrite.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_KrbRelayUp_windows_4624.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_KrbRelayUp_windows_4624.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_registry_symlink_CVE-2020-1377.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_registry_symlink_CVE-2020-1377.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_roguepotato_sysmon_17_18.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_rotten_potato_from_webshell_metasploit_sysmon_1_8_3.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_seimpersonate_tosys_spoolsv_sysmon_17_18.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolfool_mahdihtm_sysmon_1_11_7_13.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolfool_mahdihtm_sysmon_1_11_7_13.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_spoolsv_spl_file_write_sysmon11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_sysmon_cve_20201030_spooler.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privesc_unquoted_svc_sysmon_1_11.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/privexchange_dirkjan.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/samaccount_spoofing_CVE-2021-42287_CVE-2021-42278_DC_securitylogs.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/samaccount_spoofing_CVE-2021-42287_CVE-2021-42278_DC_securitylogs.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/security_4624_4673_token_manip.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_15_WScriptBypassUAC.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_1_7_uacbypass_cliconfg.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_11_7_1_uacbypass_windirectory_mocking.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_12_11_perfmonUACBypass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_12_11_perfmonUACBypass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_compmgmtlauncherUACBypass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_13_1_meterpreter_getsystem_NamedPipeImpersonation.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_11_exec_as_system_via_schedtask.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_11_cmstp_ini_uacbypass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_13_UACBypass_AppPath_Control.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_mcx2prov_uacbypass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_migwiz.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_11_sysprep_uacbypass.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_1_7_elevate_uacbypass_sysprep.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_from_admin_to_system_handle_inheritance.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_privesc_psexec_dwell.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/sysmon_uacbypass_CDSSync_schtask_hijack_byeintegrity5.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/win10_4703_SeDebugPrivilege_enabled.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/Privilege Escalation/win10_4703_SeDebugPrivilege_enabled.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/README.md -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/UACME_59_Sysmon.evtx -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/evtx_data.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/evtx_data.csv -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/mitre_evtx_repo_map.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/mitre_evtx_repo_map.png -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/temp-plot.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/temp-plot.html -------------------------------------------------------------------------------- /samples/EVTX-ATTACK-SAMPLES/winlogbeat_example.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/samples/EVTX-ATTACK-SAMPLES/winlogbeat_example.yml -------------------------------------------------------------------------------- /scripts/bundle-chainsaw-rules.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/scripts/bundle-chainsaw-rules.js -------------------------------------------------------------------------------- /scripts/bundle-sigma-rules.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/scripts/bundle-sigma-rules.js -------------------------------------------------------------------------------- /scripts/sync-sigma.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/scripts/sync-sigma.js -------------------------------------------------------------------------------- /src/App.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/App.tsx -------------------------------------------------------------------------------- /src/components/AnalysisSelector.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/AnalysisSelector.css -------------------------------------------------------------------------------- /src/components/AnalysisSelector.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/AnalysisSelector.tsx -------------------------------------------------------------------------------- /src/components/Dashboard.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/Dashboard.css -------------------------------------------------------------------------------- /src/components/Dashboard.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/Dashboard.tsx -------------------------------------------------------------------------------- /src/components/Dashboards.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/Dashboards.css -------------------------------------------------------------------------------- /src/components/Dashboards.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/Dashboards.tsx -------------------------------------------------------------------------------- /src/components/ErrorBoundary.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/ErrorBoundary.css -------------------------------------------------------------------------------- /src/components/ErrorBoundary.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/ErrorBoundary.tsx -------------------------------------------------------------------------------- /src/components/EventCorrelation.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/EventCorrelation.css -------------------------------------------------------------------------------- /src/components/EventCorrelation.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/EventCorrelation.tsx -------------------------------------------------------------------------------- /src/components/EventDetailsModal.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/EventDetailsModal.css -------------------------------------------------------------------------------- /src/components/EventDetailsModal.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/EventDetailsModal.tsx -------------------------------------------------------------------------------- /src/components/ExportReport.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/ExportReport.css -------------------------------------------------------------------------------- /src/components/ExportReport.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/ExportReport.tsx -------------------------------------------------------------------------------- /src/components/FileBreakdownStats.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/FileBreakdownStats.css -------------------------------------------------------------------------------- /src/components/FileBreakdownStats.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/FileBreakdownStats.tsx -------------------------------------------------------------------------------- /src/components/FileDropZone.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/FileDropZone.css -------------------------------------------------------------------------------- /src/components/FileDropZone.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/FileDropZone.tsx -------------------------------------------------------------------------------- /src/components/FileFilter.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/FileFilter.css -------------------------------------------------------------------------------- /src/components/FileFilter.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/FileFilter.tsx -------------------------------------------------------------------------------- /src/components/IOCExtractor.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/IOCExtractor.css -------------------------------------------------------------------------------- /src/components/IOCExtractor.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/IOCExtractor.tsx -------------------------------------------------------------------------------- /src/components/LLMAnalysis.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/LLMAnalysis.css -------------------------------------------------------------------------------- /src/components/LLMAnalysis.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/LLMAnalysis.tsx -------------------------------------------------------------------------------- /src/components/LLMSettings.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/LLMSettings.css -------------------------------------------------------------------------------- /src/components/LLMSettings.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/LLMSettings.tsx -------------------------------------------------------------------------------- /src/components/LoadingState.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/LoadingState.css -------------------------------------------------------------------------------- /src/components/LoadingState.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/LoadingState.tsx -------------------------------------------------------------------------------- /src/components/ProcessExecutionDashboard.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/ProcessExecutionDashboard.css -------------------------------------------------------------------------------- /src/components/ProcessExecutionDashboard.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/ProcessExecutionDashboard.tsx -------------------------------------------------------------------------------- /src/components/RawLogsView.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/RawLogsView.tsx -------------------------------------------------------------------------------- /src/components/SampleSelector.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SampleSelector.css -------------------------------------------------------------------------------- /src/components/SampleSelector.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SampleSelector.tsx -------------------------------------------------------------------------------- /src/components/SessionManager.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SessionManager.css -------------------------------------------------------------------------------- /src/components/SessionManager.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SessionManager.tsx -------------------------------------------------------------------------------- /src/components/SigmaDetections.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SigmaDetections.css -------------------------------------------------------------------------------- /src/components/SigmaDetections.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SigmaDetections.tsx -------------------------------------------------------------------------------- /src/components/SigmaPlatformSelector.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SigmaPlatformSelector.css -------------------------------------------------------------------------------- /src/components/SigmaPlatformSelector.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SigmaPlatformSelector.tsx -------------------------------------------------------------------------------- /src/components/SigmaRuleLoader.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SigmaRuleLoader.css -------------------------------------------------------------------------------- /src/components/SigmaRuleLoader.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/SigmaRuleLoader.tsx -------------------------------------------------------------------------------- /src/components/Timeline.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/Timeline.css -------------------------------------------------------------------------------- /src/components/Timeline.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/components/Timeline.tsx -------------------------------------------------------------------------------- /src/evtxBinaryParser.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/evtxBinaryParser.ts -------------------------------------------------------------------------------- /src/index.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/index.css -------------------------------------------------------------------------------- /src/lib/correlationEngine.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/correlationEngine.ts -------------------------------------------------------------------------------- /src/lib/evtxWasmParser.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/evtxWasmParser.ts -------------------------------------------------------------------------------- /src/lib/exportReport.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/exportReport.ts -------------------------------------------------------------------------------- /src/lib/fileColors.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/fileColors.ts -------------------------------------------------------------------------------- /src/lib/legitimateProcesses.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/legitimateProcesses.ts -------------------------------------------------------------------------------- /src/lib/levenshtein.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/levenshtein.ts -------------------------------------------------------------------------------- /src/lib/llm/dataFormatter.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/dataFormatter.ts -------------------------------------------------------------------------------- /src/lib/llm/index.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/index.ts -------------------------------------------------------------------------------- /src/lib/llm/llmService.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/llmService.ts -------------------------------------------------------------------------------- /src/lib/llm/providers/anthropic.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/providers/anthropic.ts -------------------------------------------------------------------------------- /src/lib/llm/providers/google.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/providers/google.ts -------------------------------------------------------------------------------- /src/lib/llm/providers/ollama.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/providers/ollama.ts -------------------------------------------------------------------------------- /src/lib/llm/providers/openai.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/providers/openai.ts -------------------------------------------------------------------------------- /src/lib/llm/providers/types.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/providers/types.ts -------------------------------------------------------------------------------- /src/lib/llm/storage/apiKeys.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/storage/apiKeys.ts -------------------------------------------------------------------------------- /src/lib/llm/storage/conversations.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/llm/storage/conversations.ts -------------------------------------------------------------------------------- /src/lib/sampleDataGenerator.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sampleDataGenerator.ts -------------------------------------------------------------------------------- /src/lib/sessionStorage.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sessionStorage.ts -------------------------------------------------------------------------------- /src/lib/sigma/SigmaEngine.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/SigmaEngine.ts -------------------------------------------------------------------------------- /src/lib/sigma/engine/compiler.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/engine/compiler.ts -------------------------------------------------------------------------------- /src/lib/sigma/engine/matcher.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/engine/matcher.ts -------------------------------------------------------------------------------- /src/lib/sigma/engine/modifiers.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/engine/modifiers.ts -------------------------------------------------------------------------------- /src/lib/sigma/engine/optimizedMatcher.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/engine/optimizedMatcher.ts -------------------------------------------------------------------------------- /src/lib/sigma/index.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/index.ts -------------------------------------------------------------------------------- /src/lib/sigma/parser/conditionParser.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/parser/conditionParser.ts -------------------------------------------------------------------------------- /src/lib/sigma/parser/yamlParser.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/parser/yamlParser.ts -------------------------------------------------------------------------------- /src/lib/sigma/rules/mimikatz.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/rules/mimikatz.yml -------------------------------------------------------------------------------- /src/lib/sigma/types.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/types.ts -------------------------------------------------------------------------------- /src/lib/sigma/utils/autoLoadRules.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/utils/autoLoadRules.ts -------------------------------------------------------------------------------- /src/lib/sigma/utils/ruleLoader.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigma/utils/ruleLoader.ts -------------------------------------------------------------------------------- /src/lib/sigmaEngine.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigmaEngine.ts -------------------------------------------------------------------------------- /src/lib/sigmaRules.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/sigmaRules.ts -------------------------------------------------------------------------------- /src/lib/virusTotal.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/lib/virusTotal.ts -------------------------------------------------------------------------------- /src/main.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/main.tsx -------------------------------------------------------------------------------- /src/parser.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/parser.ts -------------------------------------------------------------------------------- /src/sigma-appendix-taxonomy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/sigma-appendix-taxonomy.md -------------------------------------------------------------------------------- /src/types.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/types.ts -------------------------------------------------------------------------------- /src/vite-env.d.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/vite-env.d.ts -------------------------------------------------------------------------------- /src/wasm/evtx_wasm.d.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/wasm/evtx_wasm.d.ts -------------------------------------------------------------------------------- /src/wasm/evtx_wasm.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/wasm/evtx_wasm.js -------------------------------------------------------------------------------- /src/wasm/evtx_wasm_bg.wasm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/src/wasm/evtx_wasm_bg.wasm -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/tsconfig.json -------------------------------------------------------------------------------- /tsconfig.node.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/tsconfig.node.json -------------------------------------------------------------------------------- /vite.config.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Koifman/LUMEN/HEAD/vite.config.ts --------------------------------------------------------------------------------