Search the Community

APT-Hunter is a Threat Hunting tool for windows event logs which made by the purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity. This tool will make good use of the windows event logs collected and make sure to not miss critical events configured to be detected. If you are a Threat Hunter, Incident Responder, or forensic investigator, I assure you will enjoy using this tool, why? I will discuss the reason in this article and how it will make your life easy just it made mine. Kindly note this tool is heavily tested but still a beta version and may contain bugs. if you are using APT-Hunter you will have : uncover any suspicious activity you don’t know about before it turns to a big incident . Detect APT movements in the system based on events from previous discovered APT attacks. Make a good use of the windows event logs you collected . faster attack detection which will decrease the response time in order to quickly contain and eradicate the attacks. Output configured to be compatible with timesketch so you can do time line analysis . With the important 60 use cases configured in one place you will invest your time in other data sources . Faster investigating multiple servers in short amount of time . it will help you in cases you don’t have much time to do deep investigation . Free Open source tool that will serve you without any limitation . Personally i used it in many incident and helped me uncover events i missed out and allowed me finish the investigations faster . Turn millions of events into hundreds with severity you can use as a filter. Changelog v3.0 New use cases based on new attacks and incidents. More statistics and detection for new log sources (Group Policy , SMB Client , SMB Server) Rebuilt with Multiprocessing to utilize available resources. Specify start and end date to focus on specific time period. lightning-fast Regex Hunt that go through tons of logs in minutes . New Object Access Report. New Process Execution Report. New Summary of Detection Results. New statistics sheet that include the unique powershell commands executed in the systems. New Statistics sheet for RDP client events with events SID automatically resolved to users. New Statistics sheet for executed powershell commands. Now you don’t need to bruteforce EventID 1029 hash to get username . WinRM events SID now automatically resolved to user name. New collected SID report that will provide you all the discovered SID with their user name. New scoring system for powershell detection to let you focus on important events. APT-Hunter now can handle any number or size of windows event logs. Hunting module now allow you to include specific event ID to search. Hunting module now allow you to provide a file with a list of regex [hide][Hidden Content]]

Eventmie Pro – Create a dedicated multi-organization platform for Event Planning & management. [Hidden Content] [hide][Hidden Content]]

Phant0m | Windows Event Log Killer Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular concern to NT designers because creating Windows processes takes more time and consumes more memory than in other operating systems, e.g. in the Unix family.1 This means briefly that; On Windows operating systems, svchost.exe manages the services and services are actually running under svchost.exe’s as threads. Phant0m targets the Event Log service and finding the process responsible for the Event Log service, it detects and kills the threads responsible for the Event Log service. Thus, while the Event Log service appears to be running in the system (because Phant0m didn't kill process), it does not actually run (because Phant0m killed threads) and the system does not collect logs. [hide][Hidden Content]]

WordPress Event Tickets plugin version 4.10.7.1 suffers from a CSV injection vulnerability. View the full article

Netartmedia Event Portal version 2.0 suffers from a remote SQL injection vulnerability. View the full article

Event Locations version 1.0.1 suffers from a remote SQL injection vulnerability. View the full article

Event Calendar version 3.7.4 suffers from a remote SQL injection vulnerability. View the full article

Joomla Event Booking component version 3.8.3 suffers from a database backup disclosure vulnerability. View the full article

School Event Management System version 1.0 suffers from a remote SQL injection vulnerability. View the full article

School Event Management System version 1.0 suffers from a cross site request forgery vulnerability. View the full article

School Event Management System version 1.0 suffers from a remote shell upload vulnerability. View the full article

FsPro Labs Event Log Explorer version 4.6.1.2115 suffers from an XML external entity injection vulnerability. View the full article