
Toolkit to detect abnormal activities on a Windows machine.


TmmmmmR/WinEnum

WinEnum

Toolkit to detect abnormal activities within a Windows machine.

Usage

  1. Collect Volatile Data

This toolkit is a custom CLI tool (based on Sysinternals Suite tools) that collects information from a Windows system. The specific types of volatile information collected are:

  • System time
  • Logged-on user(s)
  • Remote Open files
  • Network information
  • Network connections
  • Process information
  • Process-to-port mapping
  • Process memory
  • Network status
  • Running service information
  • Open Shares

  2. Data Analysis

Using the collected data we look for anomalous behavior that might be caused by a computer intrusion, such as:

  • Unusual Processes and Services
  • Unusual Files and Registry Keys
  • Unusual Network Usage
  • Unusual Scheduled Tasks
  • Unusual Accounts
  • Etc.
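
The collection step (step 1) can be approximated with built-in PowerShell cmdlets. The script below is an added example, not WinEnum's own code, and it does not use the Sysinternals tools the toolkit is based on. The output directory, the `Add-Owner` helper and the file names are assumptions made for illustration; process memory capture is not covered. It needs an elevated PowerShell 5.1+ session.

```powershell
# Added example (not WinEnum code): snapshot volatile state with built-in cmdlets.
# $OutDir and all helper/file names are hypothetical. Run elevated.
param([string]$OutDir = ".\volatile_$(Get-Date -Format yyyyMMdd_HHmmss)")
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Index processes by PID so each socket can be tied back to an executable.
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Process-to-port mapping: join a socket record with its owning process.
function Add-Owner($Socket, $Proto) {
    $p = $byPid[[int]$Socket.OwningProcess]
    [pscustomobject]@{
        Proto     = $Proto
        Local     = "$($Socket.LocalAddress):$($Socket.LocalPort)"
        Remote    = if ($Proto -eq 'TCP') { "$($Socket.RemoteAddress):$($Socket.RemotePort)" } else { '' }
        State     = if ($Proto -eq 'TCP') { "$($Socket.State)" } else { '' }
        OwningPid = $Socket.OwningProcess
        Process   = $p.Name            # empty if the process exited mid-collection
        Path      = $p.ExecutablePath
    }
}

$snapshot = [ordered]@{
    SystemTime  = (Get-Date).ToUniversalTime().ToString('o')
    LoggedOn    = Get-CimInstance Win32_LoggedOnUser |
                    ForEach-Object { "$($_.Antecedent.Domain)\$($_.Antecedent.Name)" } |
                    Sort-Object -Unique
    OpenFiles   = Get-SmbOpenFile | Select-Object ClientComputerName, ClientUserName, Path
    NetworkInfo = Get-NetIPAddress | Select-Object InterfaceAlias, IPAddress, PrefixLength
    Connections = @(Get-NetTCPConnection | ForEach-Object { Add-Owner $_ 'TCP' }) +
                  @(Get-NetUDPEndpoint   | ForEach-Object { Add-Owner $_ 'UDP' })
    Processes   = $procs | Select-Object ProcessId, ParentProcessId, Name,
                    ExecutablePath, CommandLine, CreationDate
    Services    = Get-CimInstance Win32_Service -Filter "State='Running'" |
                    Select-Object Name, StartMode, StartName, ProcessId, PathName
    Shares      = Get-SmbShare | Select-Object Name, Path, Description
}

# One JSON file per category, then SHA-256 of each file for later integrity checks.
foreach ($name in $snapshot.Keys) {
    ConvertTo-Json -InputObject @($snapshot[$name]) -Depth 3 |
        Set-Content -Path (Join-Path $OutDir "$name.json") -Encoding UTF8
}
Get-ChildItem $OutDir -Filter *.json | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv (Join-Path $OutDir 'sha256.csv') -NoTypeInformation
```

Writing the output to removable or network storage rather than the local disk limits changes to the system being examined.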
