cerebralmischief / procmon-filters

This project is forked from mgeeky/procmon-filters.

procmon-filters

SysInternals' Process Monitor filter repository, collected from various places and written by me, to be used for quick behavioral analysis of testing specimens. Inspired by and based on Lenny Zeltser's collection.

What is this?

This repository holds sets of Process Monitor filters that, when loaded during an analysis task, make the event list far easier to read. Procmon instrumented with a proper set of filters and highlights greatly speeds up application and malware analysis. Since I could not find a good ready-made procmon filter set on the internet, I decided to write my own. Feel free to use them and to contribute.

How to use them?

First, launch Procmon, then open the Filter menu and select Organize Filters..., as shown in the screenshot below:

(screenshot: Filter > Organize Filters...)

In the Organize Filters dialog, click Import... and pick the .PMF file:

(screenshot: Import filters)

Importing only registers the set under Procmon's saved filters; it is not applied yet. To use it, open the Filter menu, choose Load Filter, and pick the imported set by name. Note that .PMF files carry filter rules only: if you want to start a capture from the command line with these rules already in place, load the filter in the GUI, export a configuration via File > Export Configuration... (a .PMC file, which also bundles the other capture settings), and start Procmon with /LoadConfig <file>.pmc.

What do they contain?

This section gives only a brief description of the filter sets in the repository. The files include:

  • Agressive_Noise_Reduction.PMF - a long list of Exclude rules that drop noisy, uninteresting events (screenshot: Agressive_Noise_Reduction)

  • Only_Modifying.PMF - a handful of Include rules that keep only modifying events (file writes, file deletions, registry key and value changes); because Procmon shows only events matched by an Include rule once any Include rules exist, everything else is dropped implicitly (screenshot: Only_Modifying)
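Added example, not part of this repository: the script below replays the logic of the two filter sets above offline over a Procmon CSV export (File > Save, CSV format, default columns), so a reviewer can check what a given rule set keeps before trusting it on a live capture. The rule lists and the sample events are constructed here and only approximate the .PMF contents (the binary .PMF files are not parsed). The evaluation semantics modelled, Exclude rules take precedence, Include rules on the same column are ORed and on different columns ANDed, follow Procmon's filter behaviour.

```python
"""Replay Procmon-style Include/Exclude filter sets over a CSV export.

Constructed example: the rule lists below approximate what the two .PMF
sets in this repository do; they are not parsed from the .PMF files.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample in the layout of Procmon's File > Save (CSV) export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000000","specimen.exe","4242","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: Read"
"10:00:01.0000010","specimen.exe","4242","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Data: C:\Users\Public\svchost.exe"
"10:00:01.0000020","specimen.exe","4242","CreateFile","C:\Users\Public\svchost.exe","SUCCESS","Desired Access: Generic Write"
"10:00:01.0000030","specimen.exe","4242","WriteFile","C:\Users\Public\svchost.exe","SUCCESS","Offset: 0, Length: 65,536"
"10:00:01.0000040","specimen.exe","4242","QueryStandardInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","AllocationSize: 741,376"
"10:00:01.0000050","Procmon64.exe","1337","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CodePage","SUCCESS","Type: REG_SZ"
"10:00:01.0000060","specimen.exe","4242","SetDispositionInformationFile","C:\Users\victim\Desktop\notes.txt","SUCCESS","Delete: True"
"10:00:01.0000070","svchost.exe","808","RegQueryKey","HKLM\SOFTWARE\Microsoft\Windows NT","SUCCESS","Query: HandleTags"
'''


@dataclass(frozen=True)
class Rule:
    """One row of Procmon's filter dialog: column, relation, value, action."""
    column: str      # a CSV column name, e.g. "Operation" or "Process Name"
    relation: str    # "is", "begins with" or "contains"
    value: str
    include: bool    # True for an Include rule, False for Exclude


def _matches(rule: Rule, event: dict) -> bool:
    # Procmon compares filter values case-insensitively.
    field = event[rule.column].lower()
    value = rule.value.lower()
    if rule.relation == "is":
        return field == value
    if rule.relation == "begins with":
        return field.startswith(value)
    if rule.relation == "contains":
        return value in field
    raise ValueError(f"unsupported relation: {rule.relation}")


def apply_filters(events: list[dict], rules: list[Rule]) -> list[dict]:
    """Keep the events the rule set would display.

    Modelled semantics: an event matching any Exclude rule is dropped; for
    every column that has Include rules the event must match at least one
    of them (same column ORed, different columns ANDed).
    """
    excludes = [r for r in rules if not r.include]
    includes: dict[str, list[Rule]] = {}
    for r in rules:
        if r.include:
            includes.setdefault(r.column, []).append(r)
    kept = []
    for event in events:
        if any(_matches(r, event) for r in excludes):
            continue
        if all(any(_matches(r, event) for r in col_rules)
               for col_rules in includes.values()):
            kept.append(event)
    return kept


def load_events(csv_text: str) -> list[dict]:
    """Parse a Procmon CSV export (default columns) into row dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


# Assumed approximation of Only_Modifying.PMF: Include rules on Operation
# for the file and registry operations that change state.
ONLY_MODIFYING = [
    Rule("Operation", "is", op, True) for op in (
        "WriteFile", "SetDispositionInformationFile",
        "SetRenameInformationFile", "RegSetValue", "RegCreateKey",
        "RegDeleteValue", "RegDeleteKey",
    )
]

# Assumed approximation of Agressive_Noise_Reduction.PMF: Exclude rules
# for Procmon itself, the System process and read-only query operations.
NOISE_REDUCTION = [
    Rule("Process Name", "is", "Procmon.exe", False),
    Rule("Process Name", "is", "Procmon64.exe", False),
    Rule("Process Name", "is", "System", False),
    Rule("Operation", "begins with", "RegQuery", False),
    Rule("Operation", "begins with", "Query", False),
]


def summarize(events: list[dict]) -> list[tuple[str, str, str]]:
    """Compact (process, operation, path) view for quick reading."""
    return [(e["Process Name"], e["Operation"], e["Path"]) for e in events]


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    for name, rules in (("Only_Modifying", ONLY_MODIFYING),
                        ("Noise_Reduction", NOISE_REDUCTION)):
        shown = apply_filters(events, rules)
        print(f"== {name}: {len(shown)} of {len(events)} events")
        for row in summarize(shown):
            print("  ", *row)
```

To run it against a real capture, replace SAMPLE_CSV with the contents of a CSV saved from Procmon with the default columns, and add your own Rule entries; the point of the offline replay is that a filter set which is too aggressive (one that would have hidden the RegSetValue persistence entry or the WriteFile drop above) is visible as a missing row before the filter is trusted during live triage.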

Acknowledgment

A couple of these filters come from a package compiled by Lenny Zeltser, as presented in his article:

Process Monitor Filters for Malware Analysis and Forensics

Enjoy.
