CrimsonCORE's repositories
logstashrest
Logstash configuration with REST API plugin
BadBlood
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding of, and prescribe measures for, securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
docker_elastalert
Custom-built Docker on Ubuntu 16.04 with elastalert
jupyter_threathunt
Jupyter notebook to deploy terraform_threathunt and ansible_threathunt
threathunt_student
threathunt repo for students
Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
mdBook
Create book from markdown files. Like Gitbook but implemented in Rust
DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
DNSExfiltrator
Data exfiltration over DNS request covert channel
docker_auditbeat
auditbeat docker
docker_coder
jumphost with coder and ansible
docker_filebeat
filebeat 7.4.2 in docker
Invoke-Obfuscation
PowerShell Obfuscator
PEzor
Open-Source PE Packer
PyFuscation
Obfuscate PowerShell scripts by replacing function names, variables and parameters.
SharpRDP
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
sigma
Generic Signature Format for SIEM Systems
sRDI
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
updog
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use HTTP basic auth.
windapsearch
Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
windows-event-forwarding
A repository for using Windows Event Forwarding for incident detection and response