McL0vinn's repositories
Windows-Forensic-Examination-and-Threat-Hunting
Various commands, tools and techniques that you can use to examine live Windows systems for signs of compromise or for threat hunting. Can also be used to create a baseline for your environment. For the best results, run them as Administrator ("Run as Administrator") from CMD and PowerShell.
Incident_Response_Script
Small incident-response PowerShell script that collects various data from the system. A good alternative to run on a system while waiting for an approved AV scan (or instead of a scan).
MicrosoftDefender-DiscordCNC
Threat-hunting KQL query that identifies machines where powershell, cmd or wmic connected to any URL that includes "cdn.discordapp.com", and where that action was initiated by a script execution (.vbs, .bat, etc.).
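The query below is an added example of the hunt the description outlines; it is not the query from the MicrosoftDefender-DiscordCNC repository. It runs in Microsoft Defender for Endpoint Advanced Hunting against the DeviceNetworkEvents table. The LOLBin list, the script-host parent list and the script-extension list are assumptions made for this example, as is the 30-day lookback.

```kql
// Added example (not the repository's own query): script-launched powershell/cmd/wmic
// talking to cdn.discordapp.com. Column names follow the Advanced Hunting schema.
let lookback = 30d;                                                     // assumption
let lolbins = dynamic(["powershell.exe", "pwsh.exe", "cmd.exe", "wmic.exe"]);   // assumption
let script_hosts = dynamic(["wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe"]); // assumption
let script_exts = dynamic([".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".hta"]); // assumption
DeviceNetworkEvents
| where Timestamp > ago(lookback)
// 'has' does term matching and uses the index; switch to 'contains' only if you need substring matching
| where RemoteUrl has "cdn.discordapp.com"
| where InitiatingProcessFileName in~ (lolbins)
// "Initiated by a script": either the parent is a script host (wscript/cscript for .vbs,
// cmd.exe for .bat) or the command line that launched the LOLBin names a script file.
| where InitiatingProcessParentFileName in~ (script_hosts)
    or InitiatingProcessCommandLine has_any (script_exts)
// Timestamp, DeviceId and ReportId are kept so the same query can be saved as a custom detection rule
| project Timestamp, DeviceId, DeviceName, ReportId,
    RemoteUrl, RemoteIP, RemotePort,
    InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessCommandLine,
    InitiatingProcessParentFileName, InitiatingProcessParentId
| order by Timestamp desc
```

When triaging hits, pivot on InitiatingProcessParentId in DeviceProcessEvents to recover the parent's own command line (the script path itself), since DeviceNetworkEvents only carries the parent's file name.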
MicrosoftDefender-Kaseya_IOCs
Simple KQL query that can be run either in Microsoft Defender for Endpoint (threat hunting or custom indicator) or in Azure Sentinel (threat hunting or analytics rule). It looks for 4 known IOCs related to the Kaseya attack.
MicrosoftDefender-Egregor
Custom query that you can run in the Microsoft Defender Advanced Hunting tool to look for network activity related to Egregor ransomware.
Smbclient_Rpcclient_commands
A number of commands for the smbclient and rpcclient tools that can be used for either offensive or defensive purposes, as well as some net commands for SMB sessions. All of them need a valid username/password.