Steve's repositories
ThreatHunter-Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
AuthLogParser
AuthLogParser is a powerful DFIR tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log.
Awesome-GPT-Agents
A curated list of GPT agents for cybersecurity
AWS-SG-Analyzer
Python script to analyze and extract all Security Groups information
catspin
Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.
CB-Threat-Hunting
Security operations queries and actions with CarbonBlack Response. Forked from @0xAnalyst
Conferences
Conference slides
dissect.target
The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
FalconHound
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.
ForensicMiner
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
forensictools
Collection of forensic tools
galah
Galah: an LLM-powered web honeypot using the OpenAI API.
generative-ai-for-beginners
12 Lessons, Get Started Building with Generative AI 🔗 https://microsoft.github.io/generative-ai-for-beginners/
god-mode-rules
God Mode Detection Rules
gsvsoc_cirt-playbook-battle-cards
Cyber Incident Response Team Playbook Battle Cards
Incident-Response-Powershell
This page contains two PowerShell Digital Forensics & Incident Response solutions. The first is a complete incident response script. The second is a page where all the individual incident response commands are listed.
KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
kubernetes-for-soc
kubernetes-for-soc aims to fast-track the learning curve for SOC analysts by enabling them to swiftly grasp the essential concepts and knowledge necessary to perform their critical duties.
learning-reverse-engineering
This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.
Linux-Incident-Response
A practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response.
MDE-DFIR-Resources
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
MDEtester
MDE Tester is designed to help test various features in Microsoft Defender for Endpoint.
NetExec
The Network Execution Tool
privacy.sexy
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
ScriptSentry
ScriptSentry finds misconfigured and dangerous logon scripts.
SigmaToARM
Python script to convert Sigma rules to Azure ARM templates for Sentinel-as-Code deployments.
SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.