Matthew Conway's starred repositories
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
ProcMon-for-Linux
Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
gharchive.org
GH Archive is a project to record the public GitHub timeline, archive it, and make it easily accessible for further analysis.
noseyparker
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
offensive-ai-compilation
A curated list of useful resources that cover Offensive AI.
PackMyPayload
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX
obsidian-osint-templates
These templates are suggestions of how the Obsidian notetaking tool can be used during an OSINT investigation. The example data in those files should allow you to make some connections (see what I did there?) between how you record your data during an investigation and some of what the tool can offer FOR FREE!
awesome-kubernetes-threat-detection
A curated list of resources about detecting threats and defending Kubernetes systems.
awesome-detection-rules
This is a collection of threat detection rules / rules engines that I have come across.
reveng_rtkit
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself and processes/implants, rmmod-proof, and able to bypass the infamous rkhunter anti-rootkit.
Awesome-BEC
Repository of attack and defensive information for Business Email Compromise investigations
russkiwlst
Bundle of common passwords targeting RUSSIAN-speaking audience (parsed from big data leaks)
KubeDagger
Kubernetes offensive framework built in eBPF
MacDockTileSample
Shows how to write an NSDockTilePlugin, so your DockTile can update while the app isn't running.
cti-stix-diamond-activity-attack-graph
STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling
WeaponizeCrystal
Experiments in weaponizing Crystal for offensive operations.
slack-slurp
Pentesting post exploitation tool for slack
data-candiru-victims
This database tracks details about victims of Candiru's spyware, based on reporting by Citizen Lab, Microsoft, Avast, and others.