blueteam0ps

followers

following

stars

Sydney

BlueTeamOps's repositories

memOptix

A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.

Language:Jupyter NotebookApache-2.093 4 1

AllthingsTimesketch

This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.

Language:ShellApache-2.084 6 7

det-eng-samples

This repository contains sample log data that were collected after running adversary simulations in Microsoft 365

Apache-2.017 10

timesketch

Collaborative forensic timeline analysis

Language:PythonApache-2.0200

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language:CMIT100

Azure-Sentinel-Notebooks

Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.

Language:Jupyter NotebookMIT100

block-parser

Parser for Windows PowerShell script block logs

Language:PythonApache-2.0100

chainsaw

Rapidly Search and Hunt through Windows Event Logs

Language:RustGPL-3.0100

Infosec_Reference

An Information Security Reference That Doesn't Suck

MIT100

LOLBAS-1

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

GPL-3.0100

Microsoft-Extractor-Suite

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

Language:PowerShellGPL-2.0100

plaso

Super timeline all the things

Language:PythonApache-2.0100

tactical-lists

This repo was created to host lists that can come in handy for DFIR teams.

Apache-2.0100

Tools

Tools from WFA 4/e, timeline tools, etc.

Language:Perl100

bulk_extractor

This is the development tree. Production downloads are at:

Language:C++NOASSERTION000

CyLR-1

CyLR - Live Response Collection Tool

Language:C#GPL-3.0000

DeepBlueCLI

GPL-3.0000

elasticsearch-plaso-pipelines

Elasticsearch pipelines for processing and enriching plaso data

Language:MakefileApache-2.0000

hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

GPL-3.0000

invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.

MIT000

plaso_filters

Scripts to facilitate filtering with Plaso

000

Public

Collection of scripts provided for public use

Language:ShellCC0-1.0000

RegRipper3.0

RegRipper3.0

NOASSERTION000

repo-template

A template for creating new repositories in the @orbitdb organization

MIT000

rhq

Recon Hunt Queries

000

Security-Datasets

Re-play Security Events

MIT000

sigma

Generic Signature Format for SIEM Systems

Language:PythonNOASSERTION000

sigma-cli

The Sigma command line interface based on pySigma

Language:Python000

signature-base

YARA signature and IOC database for my scanners and tools

Language:YARANOASSERTION000

SuperMem

A python script developed to process Windows memory images based on triage type.

Language:PythonMIT000