mbrownnycnyc's repositories

old_msi_tools

old windows install sdk and an old tool by Heath Stewart called msix https://devblogs.microsoft.com/setup/patch-files-extractor/

Language: C++ | Stargazers: 3 | Issues: 1 | Issues: 0

owa_search_cli

Because Outlook and OWA search suck. Searches a mailbox for email items based on a variety of criteria using Exchange Web Services managed API in Exchange Server 2007/2010/+. Returns interesting fields of and an OWA link to mail items.

Language: C# | Stargazers: 2 | Issues: 1 | Issues: 0

keep_on_screener

Replacement for a function of nVidia's driver software nView Desktop that stops windows from spanning screens. Optionally, keeps windows on screen.

Language: C# | License: Unlicense | Stargazers: 1 | Issues: 1 | Issues: 0

splunkconf19

splunk .conf 19 notes

Stargazers: 0 | Issues: 1 | Issues: 0
Language: Shell | Stargazers: 0 | Issues: 1 | Issues: 0

activecountermeasures_networkthreathuntertraining

notes on: https://www.activecountermeasures.com/network-threat-hunter-training/

Stargazers: 0 | Issues: 2 | Issues: 0

alert_manager

Extended Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features

Language: Python | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

atomic-threat-coverage

Actionable analytics designed to combat threats based on MITRE's ATT&CK.

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 0 | Issues: 0

ATTACKdatamap

A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework

Language: PowerShell | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0
Stargazers: 0 | Issues: 1 | Issues: 0

CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users

Language: PowerShell | License: GPL-2.0 | Stargazers: 0 | Issues: 1 | Issues: 0

folder_change_watcher

Feed it a folder and it will track changes using a FileSystemWatcher() for you, excluding DfsrPrivate, of course.

Language: C# | Stargazers: 0 | Issues: 1 | Issues: 0

hpe3par_pstoolkit

PowerShell Toolkit for HPE Primera and 3PAR supports PowerShell cmdlets, which are wrappers around the native HPE Primera and 3PAR storage CLI commands and Web Services APIs (WSAPI)

Language: PowerShell | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

LAPSImplementationGuide

This is a Microsoft LAPS (Local Administrator Password Solution) implementation guide I wrote in 2015. It might be out of date and is chock-full-o' kludgy powershell... definitely not my best work (I mean, no custom objects! c'mon!)

Stargazers: 0 | Issues: 1 | Issues: 0

MalwLess

Test Blue Team detections without running any attack.

Language: C# | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

nistnotes

Notes on NIST papers

Stargazers: 0 | Issues: 1 | Issues: 0

Opensource-Endpoint-Monitoring

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

Language: Python | License: LGPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

PowerMemory

Exploit the credentials present in files and memory

Language: PowerShell | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0
Stargazers: 0 | Issues: 1 | Issues: 0

splunk-jupyter

Analyse your Splunk data from a Jupyter Notebook, as a Pandas Dataframe.

Language: Jupyter Notebook | Stargazers: 0 | Issues: 1 | Issues: 0

splunk-sccm

Splunk App for Microsoft SCCM

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

TA-DSRemove

Splunk app used to remove a local configuration of deploymentserver.conf in favor of using an app deployed from the deployment server

Language: Batchfile | Stargazers: 0 | Issues: 0 | Issues: 0

TA-latmov

Splunk Security Addon for lateral movement detection

Language: PowerShell | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

TA-Sysmon-deploy

Deploy and maintain Sysmon through the Splunk Deployment Server

Language: Batchfile | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

terraform-aws-kinesis-firehose-splunk

This code creates/configures a Kinesis Firehose in AWS to send CloudWatch log data to Splunk.

Language: HCL | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0
Stargazers: 0 | Issues: 2 | Issues: 0

Windows-Exploit-Suggester

This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

Language: Python | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0