medtemo's repositories

guacamole-docker-compose

Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)

Language: Shell | License: GPL-3.0 | Stargazers: 1 | Issues: 0 | Issues: 0

threathunting-spl

Splunk code (SPL) for serious threat hunters and detection engineers.

Stargazers: 1 | Issues: 0 | Issues: 0

ansible-splunk-playbook

Install a full Splunk Enterprise cluster or Universal Forwarder using an Ansible playbook

Language: Shell | Stargazers: 0 | Issues: 0 | Issues: 0

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language: PowerShell | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

awesome-threat-detection

A curated list of awesome threat detection and hunting resources

Stargazers: 0 | Issues: 1 | Issues: 0

chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

CyberThreatHunting

A collection of resources for Threat Hunters

Language: Python | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

DFIRMindMaps

A repository of DFIR-related Mind Maps geared towards the visual learners!

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

Event-Forwarding-Guidance

Configuration guidance for collecting security-relevant Windows Event Log events using Windows Event Forwarding. #nsacyber

License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

EvilClippy

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

Language: C# | Stargazers: 0 | Issues: 1 | Issues: 0

EVTX-to-MITRE-Attack

Set of EVTX samples (>170) mapped to MITRE ATT&CK tactics and techniques, to measure your SIEM coverage or develop new use cases.

Stargazers: 0 | Issues: 0 | Issues: 0

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

License: BSD-2-Clause | Stargazers: 0 | Issues: 0 | Issues: 0

Incident-Response-with-Threat-Intelligence

Incident Response with Threat Intelligence, published by Packt

Language: YARA | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

Kansa

A PowerShell incident response framework

Language: PowerShell | License: Apache-2.0 | Stargazers: 0 | Issues: 1 | Issues: 0

koadic

Koadic C3 COM Command & Control - JScript RAT

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 1 | Issues: 0

LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Language: XSLT | Stargazers: 0 | Issues: 1 | Issues: 0

malware-persistence

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

License: CC-BY-SA-4.0 | Stargazers: 0 | Issues: 1 | Issues: 0

Microsoft-eventlog-mindmap

Set of mind maps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure, ...

License: BSD-2-Clause | Stargazers: 0 | Issues: 0 | Issues: 0

osctrl

Fast and efficient osquery management

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

osq-ext-bin

Extension for osquery on Windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection

Language: PowerShell | License: NOASSERTION | Stargazers: 0 | Issues: 1 | Issues: 0

OSSEM-DM

OSSEM Detection Model

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

RedTeam-Tactics-and-Techniques

Red Teaming Tactics and Techniques

Language: PowerShell | Stargazers: 0 | Issues: 1 | Issues: 0

Security-Datasets

Replay security events

Language: PowerShell | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

SIEM

SIEM Tactics, Techniques, and Procedures

License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

sysmon-modular

A repository of Sysmon configuration modules

License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

VBoxHardenedLoader

VirtualBox VM detection mitigation loader

Language: C | License: BSD-2-Clause | Stargazers: 0 | Issues: 1 | Issues: 0

VmwareHardenedLoader

VMware hardened VM detection mitigation loader (anti anti-VM)

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

windows_event_logging

Windows Event Forwarding subscriptions, configuration files and scripts that assist with implementing the ACSC Protect publication "Technical Guidance for Windows Event Logging".

License: BSD-3-Clause | Stargazers: 0 | Issues: 0 | Issues: 0