Angelo T. Aschert's starred repositories
Learning-EDR-and-EDR_Evasion
I will be uploading all the code which I created with the help of either open-source projects or blogs. This is a step-by-step EDR learning path for me.
Unit42-timely-threat-intel
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.
ics-forensics-tools
Microsoft ICSpector (ICS Forensics Tools framework) is an open-source forensics framework that enables the analysis of Industrial PLC metadata and project files.
windows-forensic-artifacts
Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!
KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel and Microsoft XDR (formerly Microsoft 365 Defender).
malware-ioc
Indicators of Compromise for malware documented in whitepapers.
Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
Harden-Windows-Security
Harden Windows safely and securely using officially supported Microsoft methods, with proper explanations | Always up to date and works with the latest build of Windows | Provides tools and guides for Personal, Enterprise, Government and Military security levels | Read the rationale: https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
the-prime-hunt
A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation
react-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
artifactcollector
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
attackgen
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details.
macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
AD-Attack-Defense
Attack and defend Active Directory using modern post-exploitation adversary tradecraft.
icsnpp-profinet-io-cm
Zeek Profinet I/O Context Manager Parser - CISA ICSNPP
play.backdoorsandbreaches.com
Dashboard for conducting Backdoors and Breaches sessions over Zoom.