Exploit Notes

Windows XML EventLog (EVTX)

Last modified: 2023-03-10

Windows

EVTX (Windows XML Event Log) is the binary format Windows uses to store its event logs, such as the Security, System and Application logs under C:\Windows\System32\winevt\Logs. Each record carries a System block (provider, EventID, timestamp, computer) and an EventData block with named fields, which is why the format is valuable both for forensics and for enumerating accounts from a copied log.

Read EVTX in Linux

We can parse .evtx files on Linux with evtx_dump (from the omerbenamram/evtx project), which converts the binary records to XML by default, or to JSON lines with -o jsonl.

wget https://github.com/omerbenamram/evtx/releases/download/v0.8.1/evtx_dump-v0.8.1-x86_64-unknown-linux-gnu -O evtx_dump
chmod +x evtx_dump
./evtx_dump example.evtx > parsed.txt

Now we can grep the parsed text for fields of interest. TargetUserName and TargetDomainName appear in Security-log events such as 4624 (successful logon), 4625 (failed logon) and 4720 (user account created), so they give a quick list of the account names and domains present in the log:

grep -i TargetUserName parsed.txt
grep -i TargetDomainName parsed.txt
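Grepping for single field names loses the link between an account, its event ID and the source address. The script below is an added example (not part of the original notes and not code from the evtx project) that parses evtx_dump's default XML output, flattens each event into a dict, and reports account activity plus source IPs with repeated failed logons. It assumes evtx_dump's layout of a "Record N" line followed by one XML document per event; the records in SAMPLE are constructed in that shape for offline testing and are not real log data.

```python
#!/usr/bin/env python3
"""Pull logon-relevant fields out of evtx_dump's XML output.

Added example, not part of the original notes or of the evtx project. It
expects the text that `./evtx_dump Security.evtx > parsed.txt` produces:
a "Record N" line followed by one XML document per event. SAMPLE below is
constructed in that shape for offline testing; it is not real log data.
"""
import re
import sys
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Security-log event IDs whose EventData carries TargetUserName/TargetDomainName.
INTERESTING = {
    4624: "logon success",
    4625: "logon failure",
    4672: "special privileges assigned",
    4720: "user account created",
}


def _rec(n, event_id, data):
    """Build one constructed record in evtx_dump's XML layout (test data only)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        f"Record {n}\n"
        '<?xml version="1.0" encoding="utf-8"?>\n'
        f'<Event xmlns="{NS["e"]}"><System>'
        '<Provider Name="Microsoft-Windows-Security-Auditing"/>'
        f"<EventID>{event_id}</EventID>"
        f'<TimeCreated SystemTime="2023-03-10T08:0{n}:00.000000Z"/>'
        "<Computer>DC01.corp.local</Computer></System>"
        f"<EventData>{fields}</EventData></Event>\n"
    )


# Constructed sample: one success, three failures from one address, one account
# creation and one unrelated process-creation event (4688) that should be skipped.
SAMPLE = "".join([
    _rec(1, 4624, {"TargetUserName": "alice", "TargetDomainName": "CORP",
                   "LogonType": "10", "IpAddress": "10.0.0.5"}),
    _rec(2, 4625, {"TargetUserName": "bob", "TargetDomainName": "CORP",
                   "LogonType": "3", "IpAddress": "203.0.113.7"}),
    _rec(3, 4625, {"TargetUserName": "bob", "TargetDomainName": "CORP",
                   "LogonType": "3", "IpAddress": "203.0.113.7"}),
    _rec(4, 4625, {"TargetUserName": "Administrator", "TargetDomainName": "CORP",
                   "LogonType": "3", "IpAddress": "203.0.113.7"}),
    _rec(5, 4720, {"TargetUserName": "svc_backup", "TargetDomainName": "CORP",
                   "SubjectUserName": "alice"}),
    _rec(6, 4688, {"SubjectUserName": "alice",
                   "NewProcessName": "C:\\Windows\\System32\\cmd.exe"}),
])


def split_records(text):
    """Yield each event's XML document from evtx_dump's concatenated output."""
    for chunk in re.split(r"^Record \d+[ \t]*$", text, flags=re.MULTILINE):
        chunk = chunk.strip()
        if chunk.startswith("<?xml"):
            yield chunk


def parse_event(xml_text):
    """Flatten one <Event> into a dict: System fields plus every EventData/Data."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    system = root.find("e:System", NS)
    event = {
        "EventID": int(system.findtext("e:EventID", namespaces=NS)),
        "Time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "Computer": system.findtext("e:Computer", namespaces=NS),
    }
    data = root.find("e:EventData", NS)
    if data is not None:
        for d in data.findall("e:Data", NS):
            event[d.get("Name")] = d.text or ""
    return event


def load_events(text):
    return [parse_event(x) for x in split_records(text)]


def account_activity(events):
    """Count interesting events per (EventID, DOMAIN\\user, source IP)."""
    counts = Counter()
    for ev in events:
        if ev["EventID"] in INTERESTING:
            who = f"{ev.get('TargetDomainName', '?')}\\{ev.get('TargetUserName', '?')}"
            counts[(ev["EventID"], who, ev.get("IpAddress", "-"))] += 1
    return counts


def failed_logon_sources(events, threshold=3):
    """Source IPs with at least `threshold` 4625 events: a crude spray/brute-force check."""
    per_ip = Counter(ev.get("IpAddress", "-") for ev in events if ev["EventID"] == 4625)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


if __name__ == "__main__":
    # Usage: python3 evtx_accounts.py parsed.txt   (falls back to SAMPLE without a file)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    events = load_events(text)
    for (eid, who, ip), n in sorted(account_activity(events).items()):
        print(f"{eid} {INTERESTING[eid]:<28} {who:<24} {ip:<15} x{n}")
    for ip in failed_logon_sources(events):
        print(f"[!] {ip}: repeated failed logons")
```

Run it against the real parsed.txt from the evtx_dump step above. The grep one-liners still answer "which accounts are in this log?" quickly; the parsed form is what you want when the question becomes "who logged on from where, and which address was hammering 4625s".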
