medtemo's repositories
guacamole-docker-compose
Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)
threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
ansible-splunk-playbook
Install a full Splunk Enterprise Cluster or Universal forwarder using an ansible playbook
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
awesome-threat-detection
A curated list of awesome threat detection and hunting resources
chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
CyberThreatHunting
A collection of resources for Threat Hunters
DFIRMindMaps
A repository of DFIR-related Mind Maps geared towards the visual learners!
Event-Forwarding-Guidance
Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
EVTX-to-MITRE-Attack
Set of EVTX samples (>170) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Incident-Response-with-Threat-Intelligence
Incident Response with Threat Intelligence, published by Packt
malware-persistence
Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Microsoft-eventlog-mindmap
Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
osctrl
Fast and efficient osquery management
osq-ext-bin
Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection
OSSEM-DM
OSSEM Detection Model
RedTeam-Tactics-and-Techniques
Red Teaming Tactics and Techniques
Security-Datasets
Re-play Security Events
SIEM
SIEM Tactics, Techniques, and Procedures
sysmon-modular
A repository of sysmon configuration modules
VBoxHardenedLoader
VirtualBox VM detection mitigation loader
VmwareHardenedLoader
Vmware Hardened VM detection mitigation loader (anti anti-vm)
windows_event_logging
Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing ACSC's protect publication, Technical Guidance for Windows Event Logging.