├── .gitignore ├── LICENSE ├── PSWasp ├── PSWasp.psd1 ├── PSWasp.psm1 ├── Providers │ ├── MS-Kernel │ │ ├── Kernel-Session-Notes.txt │ │ └── Parse-KernelSessionETL.ps1 │ ├── MS-Windows-DNS-Client │ │ ├── DNS-IDs-Descriptions.txt │ │ ├── DNS-Notes.txt │ │ ├── Monitored-DNS-Events │ │ ├── Parse-MSWindowsDNSClientETL.ps1 │ │ └── Parse-WinDNSClientETL.ps1 │ ├── MS-Windows-Kernel-File │ │ ├── Monitored-Kernel-File-Events.txt │ │ └── Parse-MSWindowsKernelFile.ps1 │ ├── MS-Windows-Kernel-Network │ │ ├── Monitored-Kernel-Network-Events.txt │ │ └── Parse-MSWindowsKernelNetworkETL.ps1 │ ├── MS-Windows-Kernel-Process │ │ ├── Monitored-Kernel-Process-Events.txt │ │ └── Parse-MSWindowsKernelProcessETL.ps1 │ └── MS-Windows-PowerShell │ │ ├── Parse-MSWindowsPS.ps1 │ │ └── PowerShell-Notes.txt ├── Tests │ └── EventTrace.Tests.ps1 └── lib │ ├── Microsoft.Diagnostics.Tracing.TraceEvent.dll │ ├── amd64 │ ├── KernelTraceControl.dll │ └── msdia140.dll │ └── x86 │ ├── KernelTraceControl.dll │ └── msdia140.dll ├── README.md └── demo ├── Start-Demo.ps1 ├── dcdemo.mov ├── dcdemoetlfiles.zip ├── demo.txt └── demo.xml /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode/* 2 | *.etl 3 | .DS_Store 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/LICENSE -------------------------------------------------------------------------------- /PSWasp/PSWasp.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/PSWasp.psd1 -------------------------------------------------------------------------------- /PSWasp/PSWasp.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/PSWasp.psm1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Kernel/Kernel-Session-Notes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Kernel/Kernel-Session-Notes.txt -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Kernel/Parse-KernelSessionETL.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Kernel/Parse-KernelSessionETL.ps1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-DNS-Client/DNS-IDs-Descriptions.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-DNS-Client/DNS-IDs-Descriptions.txt -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-DNS-Client/DNS-Notes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-DNS-Client/DNS-Notes.txt -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-DNS-Client/Monitored-DNS-Events: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-DNS-Client/Monitored-DNS-Events -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-DNS-Client/Parse-MSWindowsDNSClientETL.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-DNS-Client/Parse-MSWindowsDNSClientETL.ps1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-DNS-Client/Parse-WinDNSClientETL.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-DNS-Client/Parse-WinDNSClientETL.ps1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-Kernel-File/Monitored-Kernel-File-Events.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-Kernel-File/Monitored-Kernel-File-Events.txt -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-Kernel-File/Parse-MSWindowsKernelFile.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-Kernel-File/Parse-MSWindowsKernelFile.ps1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-Kernel-Network/Monitored-Kernel-Network-Events.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-Kernel-Network/Monitored-Kernel-Network-Events.txt -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-Kernel-Network/Parse-MSWindowsKernelNetworkETL.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-Kernel-Network/Parse-MSWindowsKernelNetworkETL.ps1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-Kernel-Process/Monitored-Kernel-Process-Events.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-Kernel-Process/Monitored-Kernel-Process-Events.txt -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-Kernel-Process/Parse-MSWindowsKernelProcessETL.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-Kernel-Process/Parse-MSWindowsKernelProcessETL.ps1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-PowerShell/Parse-MSWindowsPS.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Providers/MS-Windows-PowerShell/Parse-MSWindowsPS.ps1 -------------------------------------------------------------------------------- /PSWasp/Providers/MS-Windows-PowerShell/PowerShell-Notes.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /PSWasp/Tests/EventTrace.Tests.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/Tests/EventTrace.Tests.ps1 -------------------------------------------------------------------------------- /PSWasp/lib/Microsoft.Diagnostics.Tracing.TraceEvent.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/lib/Microsoft.Diagnostics.Tracing.TraceEvent.dll -------------------------------------------------------------------------------- /PSWasp/lib/amd64/KernelTraceControl.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/lib/amd64/KernelTraceControl.dll -------------------------------------------------------------------------------- /PSWasp/lib/amd64/msdia140.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/lib/amd64/msdia140.dll -------------------------------------------------------------------------------- /PSWasp/lib/x86/KernelTraceControl.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/lib/x86/KernelTraceControl.dll -------------------------------------------------------------------------------- /PSWasp/lib/x86/msdia140.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/PSWasp/lib/x86/msdia140.dll -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/README.md -------------------------------------------------------------------------------- /demo/Start-Demo.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/demo/Start-Demo.ps1 -------------------------------------------------------------------------------- /demo/dcdemo.mov: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/demo/dcdemo.mov -------------------------------------------------------------------------------- /demo/dcdemoetlfiles.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/demo/dcdemoetlfiles.zip -------------------------------------------------------------------------------- /demo/demo.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/demo/demo.txt -------------------------------------------------------------------------------- /demo/demo.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/matthastings/PSalander/HEAD/demo/demo.xml --------------------------------------------------------------------------------