yk's starred repositories
Sigma-Rules
A repository of my own Sigma detection rules.
osquery-defense-kit
Production-ready detection & response queries for osquery
elastic-container
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
trailscraper
A command-line tool to get valuable information out of AWS CloudTrail
mmk-ui-api
UI, API, and Scanner (Rules Engine) services for Merry Maker
volatility-docker
A suite of Volatility 3 plugins for memory forensics of Docker containers
EnableWindowsLogSettings
Documentation and scripts to properly enable Windows event logs.
AWSome-Pentesting
My cheatsheet notes to pentest AWS infrastructure
EvtxHussar
Initial triage of Windows Event logs
prefetch-hash-cracker
A small util to brute-force prefetch hashes
canarytokens-docker
Docker configuration to quickly set up your own Canarytokens.
VanillaWindowsReference
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
DFIR4vSphere
PowerShell module for VMware vSphere forensics
blackhat-arsenal-tools
Official Black Hat Arsenal Security Tools Repository
the-prime-hunt
A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
npm-initial-access
Easy-to-extend initial access scenario to help with EDR testing on Linux and Mac
dissect.cobaltstrike
Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles