gs3cl

Geek Repo

0 followers | 0 following | 0 stars

Location: DE

Home Page: https://isecroot.gitbook.io

Twitter: @iSecRoOt1

gs3cl's repositories

KapeFiles

This repository serves as a place for community created Targets and Modules for use with KAPE.

License: MIT | Stargazers: 0 | Issues: 0

hayabusa

Hayabusa is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs written in Rust.

License: GPL-3.0 | Stargazers: 0 | Issues: 0

WELA

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

License: GPL-3.0 | Stargazers: 0 | Issues: 0

SysmonSimulator

Sysmon event simulation utility that generates Sysmon event logs by simulating attack techniques, so that blue teams can test EDR detections and correlation rules.

License: LGPL-2.1 | Stargazers: 0 | Issues: 0

APTSimulator

A toolset to make a system look as if it were the victim of an APT attack

Language: Batchfile | License: MIT | Stargazers: 0 | Issues: 0

awesome-incident-response

A curated list of tools for incident response

License: Apache-2.0 | Stargazers: 0 | Issues: 0

vscode-sysmon

Visual Studio Code Microsoft Sysinternal Sysmon configuration file extension.

Language: TypeScript | License: BSD-3-Clause | Stargazers: 0 | Issues: 0

DFIRMindMaps

A repository of DFIR-related Mind Maps geared towards the visual learners!

License: MIT | Stargazers: 0 | Issues: 0

EVTX-ATTACK-SAMPLES

Windows Events Attack Samples

Language: HTML | License: GPL-3.0 | Stargazers: 0 | Issues: 0

EVTX-to-MITRE-Attack

Set of EVTX samples (>170) mapped to MITRE ATT&CK tactics and techniques, to measure your SIEM coverage or develop new use cases.

Stargazers: 0 | Issues: 0

sysmon-config

Sysmon configuration file template with default high-quality event tracing

Stargazers: 0 | Issues: 0

KAPE-EZToolsAncillaryUpdater

A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools

Language: PowerShell | License: MIT | Stargazers: 0 | Issues: 0

Awesome-KAPE

A curated list of KAPE-related resources

License: MIT | Stargazers: 1 | Issues: 0

sigma

Generic Signature Format for SIEM Systems

Language: Python | License: NOASSERTION | Stargazers: 0 | Issues: 0

laurel

Transform Linux Audit logs for SIEM usage

Language: Rust | License: GPL-3.0 | Stargazers: 0 | Issues: 0

caldera

Automated Adversary Emulation Platform

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 0

Zircolite

A standalone SIGMA-based detection tool for EVTX.

Language: Python | Stargazers: 0 | Issues: 0

Language: PowerShell | License: GPL-3.0 | Stargazers: 0 | Issues: 0

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

License: BSD-2-Clause | Stargazers: 0 | Issues: 0

Awesome-CobaltStrike-Defence

Defences against Cobalt Strike

License: MIT | Stargazers: 0 | Issues: 0

APT-Hunter

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.

License: GPL-3.0 | Stargazers: 0 | Issues: 0

chainsaw

Rapidly Search and Hunt through Windows Event Logs

License: GPL-3.0 | Stargazers: 0 | Issues: 0

ForensicImageKAPEOutput

A repository of KAPE output (!EZParser Module) for various publicly available forensic images.

License: MIT | Stargazers: 0 | Issues: 0

dfirt

Collects information from a Windows PC during incident response

Stargazers: 0 | Issues: 0

DFIR

Incident response teams usually work on offline data: collecting the evidence, then analyzing it.

Stargazers: 0 | Issues: 0