FalconForce (FalconForceTeam)


Home Page: https://falconforce.nl

Twitter: @FalconForceTeam


FalconForce's repositories

FalconHound

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.

Language: Go | License: BSD-3-Clause | Stargazers: 680 | Issues: 12 | Issues: 0

FalconFriday

Hunting queries and detections

SOAPHound

SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

Language: C# | License: GPL-3.0 | Stargazers: 577 | Issues: 11 | Issues: 10

BOF2shellcode

POC tool to convert CobaltStrike BOF files to raw shellcode

Language: C | License: NOASSERTION | Stargazers: 162 | Issues: 6 | Issues: 1

SysWhispers2BOF

Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs

Language: Python | Stargazers: 117 | Issues: 4 | Issues: 0

KQLAnalyzer

REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.

Language: C# | Stargazers: 26 | Issues: 0 | Issues: 0

FalconForge

This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deploying a repository of use-cases for the Sentinel and Microsoft 365 Defender products.

Language: Python | Stargazers: 13 | Issues: 5 | Issues: 0

Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Language: Jupyter Notebook | License: MIT | Stargazers: 7 | Issues: 4 | Issues: 0

ParrotForce

Azure playbook for automatic evidence collection

ADExplorerSnapshot.py

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.

Language: Python | Stargazers: 2 | Issues: 1 | Issues: 0

AzureHoundAutoCollect

Some plumbing to automate the collection of AzureHound

Language: Shell | Stargazers: 2 | Issues: 4 | Issues: 0