Nedim Šabić²
### What is the purpose of this PR / why it is needed? Identifies creation of a process on behalf of the CLR debugging facility which may be indicative of...
### What is the purpose of this PR / why it is needed? Identifies the creation of a hidden local account. Adversaries can create hidden accounts by appending the dollar...
### What is the purpose of this PR / why it is needed? Fixes spurious conditions when querying process protection attributes. ### What type of change does this PR introduce?...
**What is the purpose of this PR / why it is needed?** Bump `www.velocidex.com/golang/go-ntfs` to latest version. **What type of change does this PR introduce?** - [x] Refactor (non-breaking change...
**What is the purpose of this PR / why it is needed?** The `thread.teb_address` filter field returns the thread environment block base address. TEB is the userspace representation of a...
I'm the author of [Fibratus](https://github.com/rabbitstack/fibratus), an open-source adversary tradecraft detection, prevention, and hunting tool focused on Windows security. I wanted to take a moment to express my appreciation for the...
### What is the purpose of this PR / why it is needed? Deprecate the bespoke `util/atomic` package in favor of the standard library atomic package. ### What type of...
### What is the purpose of this PR / why it is needed? Remove a couple of useless filaments. ### What type of change does this PR introduce? --- >...
### What is the purpose of this PR / why it is needed? Initialize the `VERSION` variable to `0.0.0` (dev) if it is not provided. ### What type of change...
**Motivation** Examining the Fibratus logs can be a hassle, especially if the end user is not familiar with PowerShell. It would be much more convenient if the Fibratus CLI provided...