DfirJos

Jos's repositories

CnC-detection

Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation

Language:Bro17 20

DNS-tracer

Tracing the source of internal DNS requests with Microsoft Event Trace Log (ETL) files

Language:PowerShell3 10

sjosz-KAPE_mft

Logstash config that uploads CSV file containing parsed MFT with MFTEcmd

1 10

aws-tools-for-powershell

The AWS Tools for PowerShell lets developers and administrators manage their AWS services from the PowerShell scripting environment.

Language:C#Apache-2.0000

CVE-2019-19781

DFIR notes for Citrix ADC (NetScaler) appliances vulnerable to CVE-2019-19781

010

CyberThreatHunting

A collection of resources for Threat Hunters

Language:PythonGPL-3.0000

import-configurations

Import configurations for Firefly III

NOASSERTION000

joy

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

Language:CNOASSERTION020

KapeFiles

This repository serves as a place for community created Targets and Modules for use with KAPE.

MIT000

Parse-and-Enrich

Language:Python010

malleable-c2

Cobalt Strike Malleable C2 Design and Reference Guide

GPL-3.0000

openssh-portable

Portable OpenSSH, all Win32-OpenSSH releases and wiki are managed at https://github.com/powershell/Win32-OpenSSH

NOASSERTION000

RECmd

Command line access to the Registry

MIT000

RegistryPlugins

MIT000

sysmon-config

Sysmon configuration file template with default high-quality event tracing

000

velociraptor

Digging Deeper....

Language:GoNOASSERTION000

velociraptor-docs

Documentation site for Velociraptor

NOASSERTION000