1r-f0rhun73r's repositories

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

License: MIT | Stargazers: 0 | Issues: 0

awesome-threat-intelligence

A curated list of Awesome Threat Intelligence resources

License: Apache-2.0 | Stargazers: 0 | Issues: 0

BlueCloud

Cyber range including Velociraptor and a HELK system with a Windows VM for security testing and R&D. Azure and AWS Terraform support.

Language: HTML | License: MIT | Stargazers: 0 | Issues: 0

cloud-forensics-utils

Python library to carry out DFIR analysis on the Cloud

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 0

conti-leaks-englished

Google- and DeepL-translated Conti leaks, as shared by a member of the Conti ransomware group.

Language: Rich Text Format | Stargazers: 0 | Issues: 0

ds4n6_lib

Library of functions for applying data science to several forensic artifacts.

License: GPL-3.0 | Stargazers: 0 | Issues: 0

elastic-container

Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine

License: Apache-2.0 | Stargazers: 0 | Issues: 0

EnableWindowsLogSettings

Documentation and scripts to properly enable Windows event logs.

License: GPL-3.0 | Stargazers: 0 | Issues: 0

EnterprisePurpleTeaming

Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.

License: MIT | Stargazers: 0 | Issues: 0

EventLogging

Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

License: GPL-3.0 | Stargazers: 0 | Issues: 0

forseti-security

Forseti Security

License: Apache-2.0 | Stargazers: 0 | Issues: 0

garble

Obfuscate Go builds

License: BSD-3-Clause | Stargazers: 0 | Issues: 0

humblebundle-downloader

Download your Humble Bundle library.

License: MIT | Stargazers: 0 | Issues: 0

kql-for-dfir

A guide to using Azure Data Explorer and KQL for DFIR

Stargazers: 0 | Issues: 0

labs

This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

License: Apache-2.0 | Stargazers: 0 | Issues: 0

LockBit

This is not a crack and not a reverse either. The LockBit RW source codes have been completely leaked. I'm sharing it so that you don't pay for such things for nothing.

License: EPL-2.0 | Stargazers: 0 | Issues: 0

Microsoft-365-Extractor-Suite

A set of PowerShell scripts that allow complete and reliable acquisition of the Microsoft 365 Unified Audit Log.

License: MIT | Stargazers: 0 | Issues: 0

PoshC2

A proxy-aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Language: PowerShell | License: BSD-3-Clause | Stargazers: 0 | Issues: 0

Rapid-Response-Reporting

RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provide accurate and timely feedback in the form of reports.

License: MIT | Stargazers: 0 | Issues: 0

real-time-enforcer

Evaluate existing GCP resources against defined policies. Policies may also contain instructions for remediating such violations.

License: Apache-2.0 | Stargazers: 0 | Issues: 0

retoolkit

Reverse Engineer's Toolkit

License: Apache-2.0 | Stargazers: 0 | Issues: 0

SecCon-Framework

Security configuration is complex. With thousands of group policies available in Windows, choosing the “best” setting is difficult. It’s not always obvious which permutations of policies are required to implement a complete scenario, and there are often unintended consequences of some security lockdowns. The SECCON Baselines divide configuration i

License: CC-BY-4.0 | Stargazers: 0 | Issues: 0

thiri-notebook

The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

License: Apache-2.0 | Stargazers: 0 | Issues: 0

threat-research

Repository of tools, YARA rules, and code-snippets from Stairwell's research team.

License: MIT | Stargazers: 0 | Issues: 0

translated_conti_leaked_comms

Leaked communications of the Conti ransomware group from Jan 29, 2021 to Feb 27, 2022.

Stargazers: 0 | Issues: 0

xknow_infosec

Random stuff for cyber security incident response.

Stargazers: 0 | Issues: 0