Prometheus's repositories
detection-rules
Rules for Elastic Security's detection engine
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
DFIRMindMaps
A repository of DFIR-related Mind Maps geared towards the visual learners!
emoji-cheat-sheet
A markdown version of the emoji cheat sheet
evt2sigma
Log Entry to Sigma Rule Converter
EVTX-to-MITRE-Attack
Set of EVTX samples (>170) mapped to MITRE Att@k tactics and techniques to measure your SIEM coverage or develop new use cases.
iris-web
Incident Response collaborative platform
laurel
Transform Linux Audit logs for SIEM usage
malware-samples
Malware samples, analysis exercises and other interesting resources.
mimikatz
A little tool to play with Windows security
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
PSPKIAudit
PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
RemotePotato0
Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin.
reverse-engineering-journal
Anything I find interesting regarding reverse engineering
SentinelKQL
Azure Sentinel KQL
sigma
Generic Signature Format for SIEM Systems
sysmon-cheatsheet
All sysmon event types and their fields explained
sysmon-configs
Various complete configs
sysmon-modular
A repository of sysmon configuration modules
SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
vulnerable-AD
Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab
Zircolite
A standalone SIGMA-based detection tool for EVTX.