bfuzzy's repositories
auditd-attack
A Linux Auditd rule set mapped to MITRE's Attack Framework
ThreatHunter-Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
FuzzySysmon
My sysmon config I use for testing purposes
threat_hunting_tables
Threat hunting notes in flat file format and mapped to MITRE's ATT&CK IDs
threathunting-spl
Splunk code (SPL) useful for serious threat hunters.
Windows_Baselines
Windows Baselines
APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
docker-bro
Bro IDS Dockerfile
PowerLessShell
Run PowerShell command without invoking powershell.exe
PowerShell-Suite
My musings with PowerShell
PyPowerShellXray
Python script to decode common encoded PowerShell scripts
search-guard
Search Guard is an Open Source Elasticsearch plugin that offers encryption, authentication, and authorisation.
Security-Data-Analysis
A series of labs that will help users apply various data science techniques to security related data.
sysmon-modular
A repository of sysmon configuration modules
Threat-Hunty-Stuff
Random Threat Hunting Stuff
Vega_Sankey
Vega Sankey
WinLogsZero2Hero
This is a repository from Adam Swan's and my presentation on Windows Logs Zero 2 Hero.