archb1sh0p

followers

following

stars

archb1sh0p's starred repositories

autogen

A programming framework for agentic AI. Discord: https://aka.ms/autogen-dc. Roadmap: https://aka.ms/autogen-roadmap

Language:Jupyter NotebookCC-BY-4.028816 361 1491

awesome-forensics

A curated list of awesome forensic analysis tools and resources

CC0-1.03743 168 10

chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

Language:RustGPL-3.02646 51 91

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Language:JinjaApache-2.02037 80 286

cti

Cyber Threat Intelligence Repository expressed in STIX 2.0

NOASSERTION1681 159 169

EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.

Language:Python1451 54 29

flowframes

Flowframes Windows GUI for video interpolation using DAIN (NCNN) or RIFE (CUDA/NCNN)

Language:PythonGPL-3.01404 25 281

SharpDPAPI

SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.

Language:C#NOASSERTION1116 34 13

saas-attacks

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

CC-BY-4.0957 18 36

BestEdrOfTheMarket

Little user-mode AV/EDR evasion lab for training & learning purposes

Language:C++MIT955 15 4

FalconHound

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.

Language:GoBSD-3-Clause716 120

attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

Language:TypeScriptApache-2.0527 91 28

Microsoft-Extractor-Suite

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

Language:PowerShellGPL-2.0425 17 48

Azure-AD-Incident-Response-PowerShell-Module

The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.

Language:PowerShellMIT405 23 4

ilo4_unlock

A toolkit for patching HPE's iLO 4 Firmware with access to previously inaccessible utilities

Language:ShellGPL-3.0324 26 12

ssh-key-backdoor

Language:Shell319 40

T95-H616-Malware

"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes

Language:Java292 210

dfiq

DFIQ is a collection of investigative questions and the approaches for answering them

Language:PythonApache-2.0241 8 10

TelemetrySource

GPL-3.0210 90

JonMon

Language:CMIT151 40

GenAI-Security-Adventures

Language:Jupyter NotebookMIT90 8 1

trident

A PowerShell incident response script for quick triage

Language:PowerShellApache-2.073 40

Practical-Threat-Detection-Engineering

Practical Threat Detection Engineering, Published by Packt

MIT49 4 5

MS-Graph-BlueTeam

MS Graph Commands and Tools for Blue Teamers

cve-markdown-charts

A simple tool to create mermaid js markdown charts from CVE IDs and CVE keyword searches.

Language:PythonMIT40 1 1

Get-InjectedThreadEx

Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2

Language:PowerShellMIT22 20

Flux_Capacitor_Mini

Miniature PCB Version of Flux Capacitor.

Language:HTMLNOASSERTION13 20

Decks-and-Resources

Links and useful documents from my presentations

CC0-1.010 20

ParrotForce

Azure playbook for automatic evidence collection

6 50

presentations

MIT2 20