mattifestation/TCGLogTools mattifestation/TCGLogTools

  • Stars
    star
    49
  • Rank 585,874 (Top 12 %)
  • Language
    PowerShell
  • License
    BSD 3-Clause "New...
  • Created over 6 years ago
  • Updated over 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mattifestation/TCGLogTools
github

mattifestation

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Confirguration Logs (WBCL). In order to retrieve these logs, you must be running at least Windows 8 with the TPM enabled.

More Repositories

1

PowerShellArsenal

A PowerShell Module Dedicated to Reverse Engineering
PowerShell
830
star
2

CimSweep

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
PowerShell
637
star
3

PIC_Bindshell

Position Independent Windows Shellcode Written in C
PowerShell
279
star
4

WMI_Backdoor

A PoC WMI backdoor presented at Black Hat 2015
PowerShell
269
star
5

PSSysmonTools

Sysmon Tools for PowerShell
PowerShell
227
star
6

PSReflect

Easily define in-memory enums, structs, and Win32 functions in PowerShell
PowerShell
212
star
7

WDACTools

A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies
PowerShell
175
star
8

WinPETools

A module designed to simplify the creation, customization, and deployment of bootable Windows Preinstallation Environment (WinPE) images.
PowerShell
144
star
9

BHUSA2018_Sysmon

All materials from our Black Hat 2018 "Subverting Sysmon" talk
PowerShell
138
star
10

AntimalwareBlight

Execute PowerShell code at the antimalware-light protection level.
PowerShell
130
star
11

DeviceGuardBypassMitigationRules

A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses
112
star
12

PoCSubjectInterfacePackage

A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.
PowerShell
94
star
13

BCD

BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functionality of the functions in this module mirror that of bcdedit.exe.
PowerShell
61
star
14

WDACPolicies

A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies
52
star
15

WindowsEventLogMetadata

Event metadata collected across all manifest-based ETW providers on Window 10 1903
30
star
16

ShellcodeExec

A simple shellcode runner
C
23
star
17

CatalogTools

A PowerShell module to assist in parsing and managing catalog files.
PowerShell
18
star
18

UnicornPowerShell

A PowerShell binding for the Unicorn Engine
PowerShell
14
star
19

MSFTTraceMessageFormat

All TMF files that I extracted from Microsoft PDBs.
11
star
20

mattifestation

1
star