
https://github.com/defensivedepth/pertinax

Integrating Sysinternals Autoruns’ logs into Security Onion


### **Pertinax**
_Latin: “Persistent, Stubborn”_

The ability to remain active on a target system even after reboots is a key component of a long-term successful compromise. Unfortunately, there are a number of ways for a threat actor to persist in Windows across reboots, and it can be very difficult to comprehensively identify these areas without specialized software. This is where [Sysinternals' Autoruns](https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx?f=255&MSPPError=-2147217396) (AR) comes into play. Autoruns is a Sysinternals tool that has been widely used in the industry to bring to light the many different areas in Windows used for persistence.

The purpose of Pertinax, stated succinctly:

_To further enhance the host-level capabilities of Security Onion by integrating Sysinternals Autoruns’ logs into the Security Onion ecosystem, and making this data available for OSSEC rulesets as well as ELSA queries._