ForensicITGuy

Tony M Lambert's repositories

libpreloadvaccine

Whitelisting LD_PRELOAD libraries using LD_AUDIT

Language:CMIT60 4 1

handy-cti

Resources I've found useful for my CTI work

MIT11 50

forensicitguy.github.io

ForensicITGuy Blog

Language:ShellMIT6 20

Invoke-PartyParrot

Bringing the Party Parrot to PowerShell

Language:PowerShellMIT6 20

Find-Logons

PowerShell tool to lookup AD user info and track down account lockouts in AD domain

Language:PowerShell4 3 2

rhh-md5

Calculate the PE Rich Header MD5 hash

Language:PythonMIT3 30

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language:PowerShellMIT1 10

Clean-IISLogs

PowerShell tools to remove IIS logs according to retention policy

Language:PowerShell1 20

CSharp-RunPE

Hide malware behind a legit process C#

Language:C#1 10

malware-analysis-tools

Language:PowerShellMIT100

malware-analyst-crash-course

Malware Analyst Crash Course

1 20

clth-study-group

Scripts used for a Jupiter Broadcasting Command-Line Threat Hunting Study Group

Language:ShellMIT020

golang-temperature-converter-cli

Language:Go010

PSProfile

Language:PowerShell000

python-decoding-sensor-data

Language:Python010

reverse-bytes

A simple Python 3 script to reverse the order of bytes in a file and write the result to a second.

Language:PythonMIT020

salt-states

This repository maintains the SaltStack state files for the REMnux distro.

Language:SaltStack010

tools

Scripts and tools accompanying HP Threat Research blog posts and reports.

Language:PythonMIT010

vscode-attack

Visual Studio Code extension for MITRE ATT&CK

Language:TypeScriptBSD-3-Clause010

yara

The pattern matching swiss knife

Language:CBSD-3-Clause000