Ebryx Labs' repositories
__DFIR-scripts
Quick & Dirty DFIR scripts developed by the Ebryx DFIR team to keep handy during field assignments
dnsMonitor
A project to monitor DNS and point out stale values.
aws-role_credentials_leakage_monitor
Monitors whether the AWS role credentials set on any of the EC2 instances have been compromised
ip_reputation_checker
For a file containing a list of IPs, reports IP reputation results.
lbWafChecker
Checks WAF association for ALBs and alerts on Slack.
s3_obj_downloader
Script to download objects from an S3 bucket
usmConnect
Checks the status of USM sensors via Selenium.
auto-elasticsearch
Gets targeted data out of Elasticsearch automatically.
aws-cloudwatch_alarms_to_slack
Sends CloudWatch alarms to Slack
aws-kinesis_demo_bruteforce_app
Fake brute-force attempts on demo APIs and their detection via a Kinesis Analytics app
elasticsearch-indices-deleter
Easily delete Elasticsearch indices by setting this script up as a cron job with a managed config file
sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
sysmon-config
Sysmon configuration file template with default high-quality event tracing
sysmon-modular
A repository of sysmon configuration modules