APT-Hunter

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspi...

16 APT-Hunter issues

File "E:\#Tools\APT-Hunter-main\APT-Hunter.py", line 80, in evtxdetect_auto EvtxDetection.detect_events_powershell_operational_log(powershellop_path_list,input_timezone) File "E:\#Tools\APT-Hunter-main\lib\EvtxDetection.py", line 2293, in detect_events_powershell_operational_log Event_desc = "Found User (" + User[ IndexError: list index out of range

APT-Hunter is working OK when the folder of the logs is "**Logs**", as in the following: C:\tools\APT-HunterV2.0-Stable+>APT-Hunter.exe -p **\Logs\** -o project3 **But** if I change it to anything else, for example C:\tools\APT-HunterV2.0-Stable+>APT-Hunter.exe -p...

Hi @ahmedkhlief, thanks for the cool tool. It used to work fine. Now I am getting: ``` By : Ahmed Khlief , @ahmed_khlief Version : 2.0 Traceback (most recent call...

Add Dockerfile for containerization

fixes #18 No more complaints about variable being accessed before assignment: ``` ~/dev/apt-hunter/repo/APT-Hunter fix-error-on-using-variable-before-assignement* 32s .venv ❯ python APT-Hunter.py -p ~/dev/logs-windows -o output_file /$$$$$$ /$$$$$$$ /$$$$$$$$ /$$ /$$ /$$ /$$__...

Sample of the error output and how it was found: ``` ~/dev/apt-hunter/repo/APT-Hunter fix-error-on-using-variable-before-assignement* .venv ❯ python APT-Hunter.py -p ~/dev/logs-windows -o output_file /$$$$$$ /$$$$$$$ /$$$$$$$$ /$$ /$$ /$$ /$$__ $$| $$__...

**Windows 10, Python 3.7.9** **Because of errors, in the report, Sysmon missed a lot of important information** **The same error occurs regardless of whether the Python script or the exe is executed** **thx...

Pandas was missing in the Requirements.txt file. I would also request to rename the file to 'requirements.txt' as this is the de-facto standard for pip.

Rather than installing an older python version to use the tool, we can leverage dockerization to save us some effort and time.

My command ``` APT-Hunter.exe -p C:\WINDOWS\System32\winevt\Logs ``` Output ``` Analyzing C:\WINDOWS\System32\winevt\Logs\OSession.evtx Analyzing C:\WINDOWS\System32\winevt\Logs\Parameters.evtx Analyzing C:\WINDOWS\System32\winevt\Logs\Security.evtx Analyzing C:\WINDOWS\System32\winevt\Logs\Setup.evtx Analyzing C:\WINDOWS\System32\winevt\Logs\SMSApi.evtx Analyzing C:\WINDOWS\System32\winevt\Logs\State.evtx Analyzing C:\WINDOWS\System32\winevt\Logs\System.evtx Analyzing C:\WINDOWS\System32\winevt\Logs\Windows PowerShell.evtx Error Analyzing Sysmon logs...