gs3cl's repositories
Awesome-KAPE
A curated list of KAPE-related resources
APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time needed to uncover suspicious activity
APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
Awesome-CobaltStrike-Defence
Defences against Cobalt Strike
awesome-incident-response
A curated list of tools for incident response
caldera
Automated Adversary Emulation Platform
chainsaw
Rapidly Search and Hunt through Windows Event Logs
Zircolite
A standalone SIGMA-based detection tool for EVTX.
DFIR
Incident response teams usually work on offline data: collecting the evidence, then analyzing the data
DFIRMindMaps
A repository of DFIR-related Mind Maps geared towards the visual learners!
dfirt
Collect information of Windows PC when doing incident response
EVTX-ATTACK-SAMPLES
Windows Events Attack Samples
EVTX-to-MITRE-Attack
Set of EVTX samples (>170) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
ForensicImageKAPEOutput
A repository of KAPE output (!EZParser module) for various freely and publicly available forensic images!
hayabusa
Hayabusa is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs written in Rust.
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
KAPE-EZToolsAncillaryUpdater
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
KapeFiles
This repository serves as a place for community created Targets and Modules for use with KAPE.
KapeStrike
Automate forensic triage package collection and evidence parsing with KAPE and CrowdStrike
laurel
Transform Linux Audit logs for SIEM usage
sigma
Generic Signature Format for SIEM Systems
sysmon-modular
A repository of sysmon configuration modules
SysmonSimulator
Sysmon event simulation utility that can be used to simulate attacks and generate Sysmon event logs for testing EDR detections and correlation rules by blue teams.
vscode-sysmon
Visual Studio Code extension for Microsoft Sysinternals Sysmon configuration files.
WELA
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)