Matt Collum's starred repositories
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
awesome-python
An opinionated list of awesome Python frameworks, libraries, software and resources.
velociraptor
Digging Deeper....
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
zeek-agent
This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2
SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
physical-docs
This is a collection of legal wording and documentation used for physical security assessments. The goal is to provide a template that other companies can use to protect themselves when conducting physical security assessments.
DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Invoke-Clipboard
All of Your Copy/Paste Belong to Us: Stealing the clipboard and using it for C2 communications
StegCracker
Steganography brute-force utility to uncover hidden data inside files
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
sysmon-config
Sysmon configuration file template with default high-quality event tracing
vulnreport
Open-source pentesting management and automation platform by Salesforce Product Security
ThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
PowerMeta
PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
macOS-Fortress
Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)