#mwgic #2026 #Windows #Microsoft #Server #Windows11 #SysAdmin #EventLogs

Microsoft closes one of the oldest troubleshooting gaps in Windows 11 and Server 2025 - Neowin https://share.google/VmEoQrybs9xxx2V5Y

Meet our #SoftwareCampus participant Humam Kourani, PhD student at #FraunhoferFIT (Fraunhofer ICT Group). Together with #Celonis as a partner, he's developing a prototype that can generate #ProcessModels from #TextualDescriptions & #EventLogs. 📝

🎯 The aim: turning chaos into clarity by paving the way for smarter, more agile operations.

👇 Click here to have a broader insight:

https://softwarecampus.de/en/projekt/streamlined-business-process-modeling-sbpm/

#DataMining
#ApplicationSoftware
#HumanComputerInteraction #HCI

Coty Tuggle put together this cool lightweight incident tracking framework (adapted from earlier work by CrowdStrike). If you're dealing with Windows event logs in your investigation, this looks like a great resource for individual analysts to organize their investigations and produce incident timelines in a reproducible manner. Coty's example does it with Splunk, but it should be easy to adapt his framework to your preferred log analysis platform.

https://medium.com/@ctugglev/you-can-run-but-my-tracker-is-faster-38f9bacaf324

#DFIR #Windows #EventLogs

You Can Run, But My Tracker Is Faster - Coty Tuggle - Medium

This incident tracker is something I developed as I worked towards a goal of mine to solve all the available labs on The DFIR Report. When I first was making my way through the labs I would just jump…


Excited to share my latest paper, "Activity and Sequence Detection Evaluation Metrics," co-authored with my colleagues at the University of St. Gallen. We introduce #AquDeM, a tool for event log comparison, featuring a Python library and a web app for evaluating activity detection methods. Check it out for insights into IoT-based event logs and BPM applications! #IoT #BPM #EventLogs #ProAmbitIon @snsf_ch

Paper: https://ceur-ws.org/Vol-3758/paper-13.pdf
GitHub: https://github.com/ics-unisg/aqudem

Windows RDP Event Logs: Part-1 - System Weakness

Remote Desktop Protocol (RDP) is a widely used technology that allows users to connect remotely to another computer or server over a network. As a powerful tool for remote administration, RDP has…

PowerShell - Everything you wanted to know about Event Logs and then some - Evotec

If you feel this title is very familiar to you, it's because I actually have stolen the title from Kevin Marquette. I'm in awe of his posts that take you through a topic from beginning to end. No splitting, no hiding anything, everything on a plate, in a single post. That's why I've decided to write a post that will take you on a trip through how to work with Event Logs, something that is an integral part of Windows administration. If you've never worked with Events and you're in IT, you most likely should make an effort to find out what it is and how you can eat it.

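The RDP event log article and the Evotec PowerShell post above both point at the same day-to-day task: pulling the right events out of Windows event logs and lining them up. The block below is an added example, not code from either article or from any tool mentioned on this page. It uses Get-WinEvent to collect the RDP-relevant events (Security 4624/4625 with LogonType 10, TerminalServices-RemoteConnectionManager 1149, TerminalServices-LocalSessionManager 21/24/25) and flattens them into one time-ordered table; the function and parameter names, and the sample event XML at the end, are constructed for the example. It assumes an elevated PowerShell session on the host being examined, or exported .evtx files passed via -Path.

```powershell
# Added example: build an RDP logon timeline from Windows event logs with PowerShell.
# Assumptions (not from the posts above): run in an elevated PowerShell on the host
# under investigation, or pass exported .evtx files via -Path. Event IDs used:
#   Security 4624/4625 with LogonType 10 (RemoteInteractive)
#   Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational 1149
#   Microsoft-Windows-TerminalServices-LocalSessionManager/Operational 21, 24, 25

function Convert-EventXmlToRow {
    # Flatten one event, given as the XML that EventRecord.ToXml() returns, into a
    # timeline row. Returns nothing for events that are not RDP-related.
    param([Parameter(Mandatory)][string]$EventXml)

    $x  = [xml]$EventXml
    $ns = New-Object System.Xml.XmlNamespaceManager($x.NameTable)
    $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')

    $id      = [int]$x.SelectSingleNode('/e:Event/e:System/e:EventID', $ns).InnerText
    $channel = $x.SelectSingleNode('/e:Event/e:System/e:Channel', $ns).InnerText
    $stamp   = $x.SelectSingleNode('/e:Event/e:System/e:TimeCreated/@SystemTime', $ns).Value
    $time    = [System.Xml.XmlConvert]::ToDateTime($stamp, [System.Xml.XmlDateTimeSerializationMode]::Utc)

    # Security events carry <Data Name="..."> fields; TerminalServices events carry
    # a <UserData><EventXML> payload whose element names are the field names.
    $f = @{}
    foreach ($d in $x.SelectNodes('/e:Event/e:EventData/e:Data', $ns)) { $f[$d.GetAttribute('Name')] = $d.InnerText }
    foreach ($n in $x.SelectNodes('/e:Event/e:UserData/*/*', $ns))     { $f[$n.LocalName] = $n.InnerText }

    switch ($id) {
        4624 { if ($f.LogonType -ne '10') { return }   # keep only RemoteInteractive logons
               $what = 'Logon succeeded'; $user = "$($f.TargetDomainName)\$($f.TargetUserName)"; $src = $f.IpAddress }
        4625 { if ($f.LogonType -ne '10') { return }
               $what = "Logon failed ($($f.Status)/$($f.SubStatus))"; $user = "$($f.TargetDomainName)\$($f.TargetUserName)"; $src = $f.IpAddress }
        1149 { $what = 'RDP auth succeeded';   $user = "$($f.Param2)\$($f.Param1)"; $src = $f.Param3 }
        21   { $what = 'Session logon';        $user = $f.User; $src = $f.Address }
        24   { $what = 'Session disconnected'; $user = $f.User; $src = $f.Address }
        25   { $what = 'Session reconnected';  $user = $f.User; $src = $f.Address }
        default { return }
    }

    [pscustomobject]@{ Time = $time; Channel = $channel; Id = $id; Event = $what; User = $user; Source = $src }
}

function Get-RdpTimeline {
    # Query the three channels live, or the given .evtx exports, and merge the
    # results into one time-ordered table.
    param([string[]]$Path, [datetime]$Since = (Get-Date).AddDays(-7))

    $filters = if ($Path) {
        @(@{ Path = $Path; Id = 4624, 4625, 1149, 21, 24, 25; StartTime = $Since })
    } else {
        @(
            @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $Since },
            @{ LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'; Id = 1149; StartTime = $Since },
            @{ LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'; Id = 21, 24, 25; StartTime = $Since }
        )
    }
    $rows = foreach ($filter in $filters) {
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object { Convert-EventXmlToRow $_.ToXml() }
    }
    $rows | Sort-Object Time
}

# Constructed sample (not a real capture) in the shape EventRecord.ToXml() emits,
# so the parser can be exercised offline.
$sample4624 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2024-05-01T09:15:02.1234567Z"/>
    <Channel>Security</Channel>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">10.0.0.23</Data>
  </EventData>
</Event>
'@
Convert-EventXmlToRow $sample4624 | Format-Table -AutoSize

# Live or offline use:
# Get-RdpTimeline -Since (Get-Date).AddDays(-1) | Export-Csv rdp-timeline.csv -NoTypeInformation
# Get-RdpTimeline -Path .\Security.evtx, .\LocalSessionManager.evtx -Since '2024-05-01'
```

Two caveats when reading the output. With Network Level Authentication enabled, a failed RDP password is usually recorded as 4625 with LogonType 3 rather than 10, so filtering on type 10 alone undercounts brute-force attempts; widen the 4625 branch if that is what you are hunting. And 1149 only shows that a connection reached the authentication stage; take 4624 type 10 or LocalSessionManager 21 as the confirmation that an interactive session actually started.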

Source code for [new ver 2.1.51.590] of ETWPM2Monitor2.1 (blue teaming tool) published.
In this version some bugs are fixed and a new tab called "Alarms by Memory Scanner" has been added. I did not add the events of this new tab to the Windows event logs because of a lot of false positives, so I decided to show the events only, without adding them to the WinEventLog called ETWPM2Monitor2, in this update...
This code needs more testing, but I think it's time to publish the new version ;)

ETWPM2Monitor2.1 C# Source code => https://lnkd.in/eFnn2TzQ

#blueteam #soc #threathunting #pentesting #redteam #etw #monitoring #eventlogs #memoryscanner #scanner #inmemory


Sliver-C2 and moving from Beacon Mode to Session Mode ...

With AV bypassed, working with a C2 server, like Sliver, is really important...
#c2c #blueteam #soc #threathunting #pentesting #redteam #etw #monitoring #eventlogs #memoryscanner #scanner #inmemory

Windows Event Logs - I have just completed this room! Check it out: https://tryhackme.com/room/windowseventlogs #tryhackme #eventlogs #wevtutil #get-winevent #eventviewer #windowseventlogs via @RealTryHackMe
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
#cybersecurity #hardening #CISARedTeam #Monitoring #eventlogs #EDR