conway87/HEG-BeefEater

Latest commit

7c963f8 · Aug 21, 2024

BeefEater


BeefEater is a doubled-down version of HEG. It generates far more events with less hand-holding. BeefEater is not for casuals. This version of HEG is geared toward people who need to see a multitude of events that might differ only slightly.


e.g. What events would be generated from modifying a registry key in cmd versus modifying it in JScript? In that scenario would you get better telemetry from Windows Security or Sysmon?
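
One way to answer that kind of question after a run is to pull the registry-write events from both logs and set them side by side. The PowerShell below is an added example, not part of HEG or BeefEater; it assumes Sysmon is installed with a RegistryEvent rule, that registry auditing (the Audit Registry subcategory plus a SACL on the key) is enabled so the Security log records 4657, and that the 30-minute window covers your run.

```powershell
# Added example (not from the HEG/BeefEater repo). Run from an elevated prompt:
# reading the Security log requires administrator rights.
$start = (Get-Date).AddMinutes(-30)   # assumed window; set to your run's start time

# Registry value-set events in each source:
#   Security 4657 = "A registry value was modified"
#   Sysmon   13   = RegistryEvent (Value Set)
# Process/Key/Value name the EventData field that carries each detail.
$sources = @(
    @{ Name = 'Security'; Log = 'Security'; Id = 4657
       Process = 'ProcessName'; Key = 'ObjectName'; Value = 'NewValue' },
    @{ Name = 'Sysmon'; Log = 'Microsoft-Windows-Sysmon/Operational'; Id = 13
       Process = 'Image'; Key = 'TargetObject'; Value = 'Details' }
)

$rows = foreach ($s in $sources) {
    $filter = @{ LogName = $s.Log; Id = $s.Id; StartTime = $start }
    # No matching events (or a missing log) is a non-terminating error; treat it as zero rows.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    foreach ($e in $events) {
        # Flatten <EventData><Data Name="..."> into a name -> value table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Source  = $s.Name
            Time    = $e.TimeCreated
            Process = [IO.Path]::GetFileName([string]$data[$s.Process])
            Key     = $data[$s.Key]      # 4657 gives the key path; Sysmon appends the value name
            Value   = $data[$s.Value]
        }
    }
}

# Per source and writing process: how many registry writes were recorded?
$rows | Group-Object Source, Process | Sort-Object Name |
    Select-Object Count, Name | Format-Table -AutoSize

# Event detail in time order, so near-identical actions can be compared line by line.
$rows | Sort-Object Time | Format-Table Source, Time, Process, Key, Value -AutoSize
```

A process that appears under one source but not the other marks a coverage gap in that source's audit policy or Sysmon configuration.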


  1. Read the wiki over on the main HEG repo. For quick start:

    • Download and extract repo
    • Make sure the folder containing the main script is called 'HEG' (\HEG\HEG.ps1)
    • Launch PowerShell as admin
    • Locate and run HEG.ps1
    • After it completes, check the Logs directory