Blue-infosec

Blue-infosec's repositories

Ransomware-Tool-Matrix

A resource listing the tools each ransomware gang uses

Stargazers: 0 · Issues: 0

sinon

Automation tool for Windows Deception Host Burn-In

License: Apache-2.0 · Stargazers: 0 · Issues: 0

Kdrill

Python tool to check for rootkits in the Windows kernel

License: BSD-3-Clause · Stargazers: 0 · Issues: 0

netfetch

Kubernetes tool for scanning clusters for network policies and identifying unprotected workloads.

License: MIT · Stargazers: 0 · Issues: 0

ELFieScanner

A C++ tool for process memory scanning and suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors, including those incorporated into open-source user-mode rootkits.

License: MIT · Stargazers: 0 · Issues: 0

Microsoft-Analyzer-Suite

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

License: GPL-3.0 · Stargazers: 0 · Issues: 0

Tier0-User-Management

Maintain Tier 0 users. This script ensures that all Tier 0 users are in the correct OU or in the default Users container and adds the Kerberos Authentication Policy to each user.

Stargazers: 0 · Issues: 0

coderex

A tool that automates regex generation for the x86 and x86-64 instruction sets

License: AGPL-3.0 · Stargazers: 0 · Issues: 0

inspektor-gadget

The eBPF tool and systems inspection framework for Kubernetes, containers and Linux hosts.

License: Apache-2.0 · Stargazers: 0 · Issues: 0

tracee

Linux Runtime Security and Forensics using eBPF

License: Apache-2.0 · Stargazers: 0 · Issues: 0

security-profiles-operator

The Kubernetes Security Profiles Operator

License: Apache-2.0 · Stargazers: 0 · Issues: 0

attackgen

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details.

License: GPL-3.0 · Stargazers: 0 · Issues: 0

Incident-Response-Powershell

PowerShell Digital Forensics & Incident Response Scripts.

License: BSD-3-Clause · Stargazers: 0 · Issues: 0

bincapz

Enumerate binary capabilities, including malicious behaviors

License: Apache-2.0 · Stargazers: 0 · Issues: 0

autoaudit

Welcome to Autoaudit, a log tampering detection tool.

Stargazers: 0 · Issues: 0

ntopng

Web-based network traffic and security monitoring

License: GPL-3.0 · Stargazers: 0 · Issues: 0

ThreatHunting-Keywords-yara-rules

YARA detection rules for hunting with the threathunting-keywords project

License: NOASSERTION · Stargazers: 0 · Issues: 0

uac1

UAC is a Live Response collection script for Incident Response that uses native binaries and tools to automate the collection of system artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

License: Apache-2.0 · Stargazers: 0 · Issues: 0

SSDT

Stupid Simple Detection Testing

License: MIT · Stargazers: 0 · Issues: 0

Harden-Windows-Security

Harden Windows safely and securely using officially supported Microsoft methods, with proper explanation | Always up to date and works with the latest build of Windows | Provides tools and guides for Personal, Enterprise, Government and Military security levels | Read the rationale: https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

License: MIT · Stargazers: 0 · Issues: 0

arkime

Arkime is an open source, large-scale, full packet capture, indexing and database system.

License: Apache-2.0 · Stargazers: 0 · Issues: 0

ThreatHunting-Keywords-sigma-rules

Sigma detection rules for hunting with the threathunting-keywords project

Stargazers: 0 · Issues: 0

DefenderYara1

Extracted YARA rules from Windows Defender mpavbase and mpasbase

Stargazers: 0 · Issues: 0

DefenderYara

Extracted YARA rules from Windows Defender mpavbase and mpasbase

Stargazers: 0 · Issues: 0

ThreatHunting-Keywords

Awesome list of keywords and artefacts for Threat Hunting sessions

Stargazers: 0 · Issues: 0

awesome-lists

Security lists for SOC detections

Stargazers: 0 · Issues: 0

go-epss

A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).

License: GPL-3.0 · Stargazers: 0 · Issues: 0

HijackLibs

Project for tracking publicly disclosed DLL Hijacking opportunities.

License: GPL-3.0 · Stargazers: 0 · Issues: 0

armory

Anvilogic Forge

License: GPL-3.0 · Stargazers: 0 · Issues: 0

lolcerts

A repository of code signing certificates known to have been leaked or stolen and then abused by threat actors

License: Apache-2.0 · Stargazers: 0 · Issues: 0