Sigma Rules

Sigma Rules skills and workflows surfaced by the site skill importer.

3 skills
extracting-windows-event-logs-artifacts

by mukul975

extracting-windows-event-logs-artifacts helps you extract, parse, and analyze Windows Event Logs (EVTX) for digital forensics, incident response, and threat hunting. It supports structured review of logons, process creation, service installs, scheduled tasks, privilege changes, and log clearing with Chainsaw, Hayabusa, and EvtxECmd.

Digital Forensics
detecting-evasion-techniques-in-endpoint-logs

by mukul975

The detecting-evasion-techniques-in-endpoint-logs skill helps hunt defense evasion in Windows endpoint logs, including log clearing, timestomping, process injection, and security tool disabling. Use it for threat hunting, detection engineering, and incident triage with Sysmon, Windows Security, or EDR telemetry.

Threat Hunting
detecting-living-off-the-land-with-lolbas

by mukul975

detecting-living-off-the-land-with-lolbas helps detect LOLBAS abuse with Sysmon and Windows Event Logs, using process telemetry, parent-child context, Sigma rules, and a practical guide for triage, hunting, and rule drafting. It supports threat modeling and analyst workflows around commonly abused binaries such as certutil, regsvr32, mshta, and rundll32.

Threat Modeling