Nasreddine Bencherchali's repositories
EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
C2-Matrix-Indicators
This repository aims to collect and document indicators from the different C2s listed in the C2-Matrix
SEDR-Internals
Symantec EDR Internals
sedr-localdatastore-parser
Parser for Symantec EDR "localdatastore" folder
Misc-Tools-And-Scripts
A collection of tools and scripts
awesome-event-ids
Collection of Event ID resources useful for Digital Forensics and Incident Response
CVE-2019-19547
CVE-2019-19547 POC
CVE-2020-12593
CVE-2020-12593 POC
CVE-2020-5839
CVE-2020-5839 POC
DFIRPowerShellScripts
Various PowerShell scripts I've made to automate some of the boring stuff in my everyday DFIR journey!
LawEnforcementResources
Resources provided by the community that can be useful for Law Enforcement worldwide
ManageEngine-Application-Manager-XSS-POC
ZOHO Manage Engine Application Manager - XSS POC
VanillaWindowsReference
A repo containing recursive directory listings of a vanilla (clean) install of every Windows OS version, for comparing against later builds to see what each update has added.
BabyShark
Basic C2 Server
Http-Asynchronous-Reverse-Shell
[POC] Asynchronous reverse shell using the HTTP protocol.
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
MAL-CL
MAL-CL (Malicious Command-Line)
OSSEM-DD
OSSEM Data Dictionaries
sigma
Generic Signature Format for SIEM Systems
Sigma-Rules
Rules generated from our investigations.
trevorc2
TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.
w32
A wrapper of windows apis for the Go Programming Language.