SCS Labs' repositories
TheWatchList
Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours.
HAFNIUM-Microsoft-Exchange-0day
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
blocklist-ipsets
ipsets dynamically updated with firehol's update-ipsets.sh script
ThreatPursuit-VM
Threat Pursuit Virtual Machine (VM): a fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting, designed so that intel analysts, malware analysts and threat hunters can get up and running quickly.
ansible-role-sysmon
Ansible role for installing Sysmon with popular config files included.
atomic-threat-coverage
Actionable analytics designed to combat threats
Aurora-Incident-Response
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
cloudsploit
Cloud Security Posture Management (CSPM)
commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com
Empire
Empire is a PowerShell and Python 3.x post-exploitation framework.
ossec-sysmon
A ruleset to enhance the detection capabilities of OSSEC using Sysmon
ScoutSuite
Multi-Cloud Security Auditing Tool
sigma
Generic Signature Format for SIEM Systems
sysmon-modular
A repository of sysmon configuration modules
SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide