Gregor Wegberg's starred repositories
attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
AzureAD-Attack-Defense
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
PersistenceSniper
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
ICS-Security-Tools
Tools, tips, tricks, and more for exploring ICS Security.
Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
awesome-soc
A collection of sources of documentation, as well as field best practices, to build/run a SOC
saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
SysmonSimulator
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
ransomwatch
the transparent ransomware claim tracker 🥷🏼🧅🖥️
PipeViewer
A tool that shows detailed information about named pipes in Windows
Darksearch
:mag::shipit: Search engine for hidden material. Scraping dark web onions, irc logs, deep web etc...
DFIR-O365RC
PowerShell module for Office 365 and Azure log collection
OneDriveExplorer
OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous file.
Software-Supply-Chain-Security
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
vss_carver
Carves and recreates VSS catalog and store from Windows disk image.
easy-wins-endpoint-defense
Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endpoints.