Logparser Query Files

07 Aug 2022

GitHub: https://github.com/nettitude/logparser

Easy analysis of sysmon log files

We have created a set of queries for sysmon log files that will process each of the Event types that sysmon records – there are 15 different events at the time of writing. You can download these queries from Nettitude’s github account. LogParser studio will allow you to open each query in a separate tab; you can switch tabs according to your investigative needs.

Sample LogParser SQL query

Download Microsoft Logparser Query Files

We will update these as more events become available.

GitHub: https://github.com/nettitude/logparser

Latest Cyber Labs articles

Introducing Raccoon

Article

Introducing Raccoon - a C# tool for extending the screenshot functionality of Command and Control (C2) frameworks, even...
Time Travel Debugging Shellcode with Binary Ninja

Article

Learn how to debug shellcode using Time Travel Debugging (TTD) in Binary Ninja. This guide walks you through...
Binary Ninja Plugin

Article

Recently, in response to a customer incident we needed to reverse engineer a malware sample of WhiteRabbit ransomware...
This Badge is My Badge

Article

When it comes to covert entry assessments, successfully capturing RFID badge values can mean the difference between failure...
Version Tracking in Ghidra

Article

When a binary is reverse engineered using Ghidra, various annotations are applied to aid in understanding the binary’s...
Vulnerabilities in AI Agents

Article

LLMs are becoming increasingly accessible to everyone. It is very easy to create your own LLM system, however...
Emulation with Qiling

Article

Qiling is an emulation framework that builds upon the Unicorn emulator by providing higher level functionality such as...
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM

Article

A walkthrough of CVE-2024-20356, a high severity Command Injection vulnerability affecting a range of Cisco products. This vulnerability...
Flaw in PuTTY P-521 ECDSA signature generation leaks SSH...

Article

This article provides a technical analysis of CVE-2024-31497, a vulnerability in PuTTY discovered by Fabian Bäumer and Marcus Brinkmann...

Logparser Query Files

Easy analysis of sysmon log files

Download Microsoft Logparser Query Files

Latest Cyber Labs articles

Introducing Raccoon

Time Travel Debugging Shellcode with Binary Ninja

Binary Ninja Plugin

This Badge is My Badge

Version Tracking in Ghidra

Vulnerabilities in AI Agents

Emulation with Qiling

CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM

Flaw in PuTTY P-521 ECDSA signature generation leaks SSH...