Tom Sela's starred repositories
awesome-windows-domain-hardening
A curated list of awesome Security Hardening techniques for Windows.
kubeclarity
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
EventCleaner
A tool mainly to erase specified records from Windows event logs, with additional functionalities.
Invoke-ADLabDeployer
Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
DanderSpritz_lab
A fully functional DanderSpritz lab in 2 commands
deception-as-detection
Deception-based detection techniques mapped to the MITRE ATT&CK framework
Deploy-Deception
A PowerShell module to deploy Active Directory decoy objects.
raw-socket-sniffer
Packet capture on Windows without a kernel driver
ADImporter
Credit to Helge Klein - https://helgeklein.com/blog/2015/02/creating-realistic-test-user-accounts-active-directory/
HistoricProcessTree
An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
GetConsoleHistoryAndOutput
An Incident Response tool to extract console command history and screen output buffer
Get-NetworkConnection
Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection
Update-AllUsersQA
Update-AllUsersQA is a PowerShell script used to change or disable the security questions and answers for local users on a Windows 10 machine.
regexp_sar
SAR is a new way of handling regular expressions that allows many regular expressions (the only limitation being available memory) to be run at once. When adding a regexp, a related callback is also registered; it is called for each match, in the same order in which the matches appear in the text.
MIScooterPy
Python code for communicating with Xiaomi M365 Scooter over GATT using bluepy