Maziyar Hamzavi's repositories
Postfix_Dovcout_Opendkim_Roundcube
Install and Configure Webmail with Postfix, Dovecot, OpenDKIM and Roundcube
Sysmon_Utility_MITRE_ATTACK
Investigate Attack Patterns using SIEM, Sysmon Utility and MITRE ATT&CK
Windows_Forensic_Investigation_8_parts
When conducting an investigation on a Windows machine there are 8 phases to go through; today we’ll discuss the first, ‘Collecting Volatile Information’, and the rest will be explained in future topics.
Pattern_Recognition
Use Histogram and Parzen Window methods for Kernel Density Estimation and plot figures for Pattern Recognition
wireshark_threat_hunting
Useful Wireshark commands for threat hunting
Attacking-Kerberos
This topic will cover all of the basics of attacking Kerberos, the Windows ticket-granting service.
DNS_Incident_Response
DNS Incident Response
Gre_Tunnel_bash
Making a tunnel between two VPSs, one of which is in Iran and the other in a foreign country, and sending the traffic to a foreign data center to use free internet. With this bash script, you can make a tunnel between two servers.
IPv6_Tutorial
IPv6_Tutorial
Lpic101_Note
Lpic101_Note for beginners
make_valid_SSL_with_acme
Make a valid SSL certificate with acme
openssl_bashscript
Make a root CA and a certificate for a web server with an openssl script.
Splunk_attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
THREAT_HUNTING_PLAYBOOKS
Starting your first threat hunting
Ubuntu_DNS_Server_Bind9
Ubuntu DNS Server with BIND9
UBUNTU_NTP_SERVER
Ubuntu NTP Server Configurations
Apache2_Modsecurity
Apache2 Modsecurity
Active_Directory_Auditing_Best_Practices
Active Directory Auditing Best Practices
Basic-Static-Malware-Analysis
Basic Static Malware Analysis
docker-elk
The Elastic stack (ELK) powered by Docker and Compose.
Incident-Response-Powershell
PowerShell Digital Forensics & Incident Response Scripts.
Log-Analysis-Process
Log analysis involves Parsing, Normalisation, Sorting, Classification, Enrichment, Correlation, Visualisation, and Reporting.
lsass_memory
Adversaries commonly abuse the Local Security Authority Subsystem Service (LSASS) to dump credentials for privilege escalation, data theft, and lateral movement. The process is a fruitful target for adversaries because of the sheer amount of sensitive information it stores in memory.
MindMaps
Collection of created MindMaps
PowerShell_Download_Cradles
13 Essential Things to Know about PowerShell Download Cradles
protections-artifacts
Elastic Security detection content for Endpoint
Splunk_Fundamental
Splunk_Fundamental
Windows_Event_Log_Analysis_Incident
Windows Event Log Analysis & Incident Response Guide