Home

Awesome

Pe-SieveToWinEventLog

This repository containing script which allow pe-sieve to log to Windows Event Log so it can be collected for scaled up incident response.

What is pe-sieve?

From author's webpage:

PE-sieve is a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Installation Instructions

From an Admin Powershell console run .\Install.ps1.

Script Activities:

This script does the following:

pesieve2wineventlog.ps1 Activities:

Output