m4nbat

Gavin Knapp's repositories

KustQueryLanguage_kql

Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting

Language:Batchfile5100

SecBlogs

Rough blogs covering CyberDefence tradecraft.

200

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language:PowerShellMIT100

Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Language:Jupyter NotebookMIT100

DefensivePowerShell

repo with scripts to query VT API via PowerShell

Language:PowerShell100

Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

100

ioc_lists

IOC lists used for external lookups

100

m4nbat

Config files for my GitHub profile.

100

sigma

Main Rule Repository - Used by GK for SIGMA submissions

Language:PythonNOASSERTION100

SIGMA-Rules

100

yara_rules

Repo for YARA rules written by and me and other third party rules I find useful

Language:YARA100

deepdarkCTI

Collection of Cyber Threat Intelligence sources from the deep and dark web

GPL-3.0000

DFIR_Scripts

Repo to hold useful DFIR scripts

Language:PowerShell000

Enum

Just a simple PowerShell Enumeration Script

GPL-3.0000

FitnessAndNutrition

Fitness and Nutrition Programs

000

mastodon_servers

000

MS-Sentinel-Content

Microsoft Sentinel Content

000

MultiOneTimePassword-CredentialProvider

Aims to improve the overall security of the Windows logon process by adding 2FA Authentication. Uses multiOTP as authentication endpoint.

Language:C++Apache-2.0000

OffensiveNotion

Notion as a platform for offensive operations

MIT000

powershell-cti

Language:PowerShell000

purpleT

000

Ransomware-Live-Workbook

000

sentinel

000

tools

000

VTHashCheck

Language:Shell000