ecapuano

gsuite-login-geoip

A script to analyze geographic GSuite Login activity

PhishReporter-Outlook-Add-In

PhishReporter Outlook Add-In in an Outlook Add-In that allows users to report phishing e-mails to a specific e-mail address for further processing/investigation. Fork of https://github.com/MSAdministrator/PhishReporter-Outlook-Add-In

DumpsterFire

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Graylog_Sysmon

Advanced Threat detection Configurations for Graylog

hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

password_cracking_rules

One rule to crack all passwords. or atleast we hope so.

RITAA

Rudimentary Intelligence and Threat Analysis Application

analyzeMFT

ansible-honeypots

Ares

Python botnet and backdoor

brawl-public-game-001

Data from a BRAWL Automated Adversary Emulation Exercise

caldera

The CALDERA automated adversary emulation system

Cortex-Analyzers

Cortex Analyzers Repository

cowrie

Cowrie SSH/Telnet Honeypot

Defoe

Website defacement detection system based on machine learning

DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices

dionaea

Home of the dionaea honeypot

hubot-grafana

Query Grafana dashboards.

iris-web

Incident Response collaborative platform

KapeFiles

This repository serves as a place for community created Targets and Modules for use with KAPE. There is also documentation available in Markdown format

Logstash-Configs

Contains log parsers for Logstash for many systems and applications. Also contains many methods of augmenting logs.

MISP

MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

SELKS

A Suricata based IDS/IPS distro

send

File Sharing Experiment

SlackShell

PowerShell to Slack C2

sso-wall-of-shame

A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

timesketch

Collaborative forensic timeline analysis

velociraptor-docs

Documentation site for Velociraptor

velociraptor-web

Velociraptor's documentation site.

windows-event-forwarding

A repository for using windows event forwarding for incident detection and response