Kevin Caballero's starred repositories


attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Language: Jinja | License: Apache-2.0 | Stargazers: 2026 | Issues: 0

Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations

Language: PowerShell | License: MIT | Stargazers: 1474 | Issues: 0

o365_dataset

A dataset containing Office 365 Unified Audit Logs for security research and detection

Stargazers: 39 | Issues: 0

stratus-red-team

Granular, Actionable Adversary Emulation for the Cloud

Language: Go | License: Apache-2.0 | Stargazers: 1679 | Issues: 0

mac_apt

macOS (& iOS) Artifact Parsing Tool

Language: Python | License: MIT | Stargazers: 740 | Issues: 0

Purpleteam

Purple team simulation and detection scripts: trigger events for SOC detections

Language: PowerShell | Stargazers: 142 | Issues: 0

Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Language: Python | License: BSD-3-Clause | Stargazers: 1103 | Issues: 0

KQLAnalyzer

REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.

Language: C# | Stargazers: 26 | Issues: 0

AzureAAD-ManagedId-RoleAssignmentsCleanupOrphanedAccounts

Azure AD managed identity role assignment inheritance and cleanup of orphaned accounts

Language: PowerShell | License: MIT | Stargazers: 8 | Issues: 0

awesome-kubernetes-threat-detection

A curated list of resources about detecting threats and defending Kubernetes systems.

Stargazers: 351 | Issues: 0

decider

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

Language: HTML | License: NOASSERTION | Stargazers: 1036 | Issues: 0

ChopChopGo

Rapidly Search and Hunt through Linux Forensics Artifacts

Language: Go | License: GPL-3.0 | Stargazers: 173 | Issues: 0

DFIR-O365RC

PowerShell module for Office 365 and Azure log collection

Language: PowerShell | License: GPL-3.0 | Stargazers: 229 | Issues: 0

Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Language: Jupyter Notebook | License: MIT | Stargazers: 4403 | Issues: 0

ThreatHunter-Playbook

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Language: Python | License: MIT | Stargazers: 3933 | Issues: 0

DFIR-Resources

Some important DFIR Resources

License: CC-BY-4.0 | Stargazers: 82 | Issues: 0

MDE-Quickstart

MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore

Language: PowerShell | License: GPL-3.0 | Stargazers: 65 | Issues: 0

SentinelAutomationModules

The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel

Language: PowerShell | License: MIT | Stargazers: 201 | Issues: 0

AzureAD-Attack-Defense

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

Language: PowerShell | Stargazers: 2004 | Issues: 0

WindowsTimeline

Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)

Language: PowerShell | License: MPL-2.0 | Stargazers: 171 | Issues: 0

TheDefendersGuide

The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson

Stargazers: 140 | Issues: 0

ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs

Language: Bicep | License: MIT | Stargazers: 733 | Issues: 0

xdg-credentials-portal

FIDO2 (WebAuthn) and FIDO U2F platform library for Linux written in Rust; includes a proposal for a new D-Bus Portal interface for FIDO2, accessible from Flatpak apps and Snaps 🔑

Language: Rust | License: LGPL-2.1 | Stargazers: 336 | Issues: 0

DFIRArtifactMuseum

The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes and increase access to artifacts that may no longer be readily available.

Language: HTML | License: MIT | Stargazers: 542 | Issues: 0

FalconFriday

Hunting queries and detections

License: BSD-3-Clause | Stargazers: 690 | Issues: 0

AzureHunter

A cloud forensics PowerShell module to run threat hunting playbooks on data from Azure and O365

Language: PowerShell | License: MIT | Stargazers: 766 | Issues: 0

aftermath

Aftermath is a free macOS IR framework

Language: Swift | License: MIT | Stargazers: 458 | Issues: 0

PoSh-R2

PowerShell - Rapid Response... For the incident responder in you!

Language: PowerShell | License: Apache-2.0 | Stargazers: 290 | Issues: 0