
Windows Events Providers Explorer

https://github.com/lallousx86/WinTools/tree/master/WEPExplorer


Last updated 4 years ago


Background

If you have ever had an idea for detecting something on Windows, you must have come across the painful process of finding a relevant event to support your hypothesis. Reading the documentation from Microsoft is one option, but it is not efficient, right? That was the case until I found the beauty of WEPExplorer.

Usage

Simply input the provider GUID/name and select it.

It then returns all the available events from the provider. The most valuable part is the Message column, which gives you an idea of the fields that a particular event provides.
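The same provider metadata can be listed from a PowerShell prompt with the built-in `Get-WinEvent -ListProvider` cmdlet, which is handy when you want to filter or export the results. This is an added example, not part of WEPExplorer or its author's code; the function name `Get-ProviderEventCatalog`, the default provider name and the `logon` keyword are illustrative assumptions.

```powershell
# Added example (not from WEPExplorer): list the events a provider registers,
# with their message templates and payload field names.
function Get-ProviderEventCatalog {
    param(
        # Provider name, wildcards allowed. The default is only an illustration.
        [string]$ProviderName = 'Microsoft-Windows-Security-Auditing'
    )

    foreach ($provider in Get-WinEvent -ListProvider $ProviderName -ErrorAction Stop) {
        foreach ($evt in $provider.Events) {
            # Template is an XML string describing the event's data fields;
            # it is empty for events that carry no payload.
            $fields = @()
            if ($evt.Template) {
                try {
                    $fields = @(([xml]$evt.Template).template.data |
                        Where-Object { $_ } |
                        ForEach-Object { $_.name })
                } catch {
                    $fields = @('<unparsed template>')
                }
            }

            [pscustomobject]@{
                Provider = $provider.Name
                Id       = $evt.Id
                Version  = $evt.Version
                Level    = $evt.Level.DisplayName
                Task     = $evt.Task.DisplayName
                Fields   = $fields -join ', '
                Message  = $evt.Description   # same text as the Message column
            }
        }
    }
}

# Search the message templates for a keyword to shortlist events for a hypothesis.
Get-ProviderEventCatalog |
    Where-Object { $_.Message -match 'logon' } |
    Sort-Object Id, Version |
    Format-Table Id, Version, Task, Fields -Wrap
```

Pipe the function's output to `Export-Csv` instead of `Format-Table` to keep a searchable catalog of event IDs and fields per provider.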

Credit

0xeb

https://twitter.com/0xeb