Nasreddine Bencherchali's repositories

MindMaps

#ThreatHunting #DFIR #Malware #Detection Mind Maps

EVTX-ETW-Resources

Event Tracing For Windows (ETW) Resources

License: MIT | Stargazers: 127 | Issues: 7 | Issues: 0

SIGMA-Resources

Resources To Learn And Understand SIGMA Rules

C2-Matrix-Indicators

This repository aims to collect and document indicators from the different C2s listed in the C2-Matrix

SEDR-Internals

Symantec EDR Internals

sedr-localdatastore-parser

Parser for Symantec EDR "localdatastore" folder

Language: Python | Stargazers: 5 | Issues: 1 | Issues: 0

Slides

A collection of my slides and presentations

Misc-Tools-And-Scripts

A collection of tools and scripts

Language: Python | Stargazers: 2 | Issues: 1 | Issues: 0

awesome-event-ids

Collection of Event ID resources useful for Digital Forensics and Incident Response

License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

CVE-2019-19547

CVE-2019-19547 POC

CVE-2020-12593

CVE-2020-12593 POC

Stargazers: 1 | Issues: 0 | Issues: 0

CVE-2020-5839

CVE-2020-5839 POC

DFIRPowerShellScripts

Various PowerShell scripts I've made to automate some of the boring stuff in my everyday DFIR journey!

Language: PowerShell | License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

LawEnforcementResources

Resources provided by the community that can be useful for Law Enforcement worldwide

License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

ManageEngine-Application-Manager-XSS-POC

ZOHO Manage Engine Application Manager - XSS POC

Stargazers: 1 | Issues: 0 | Issues: 0

SEPparser

Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.

Language: Python | License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

VanillaWindowsReference

A repo that contains recursive dir listings of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

BabyShark

Basic C2 Server

Language: HTML | Stargazers: 0 | Issues: 0 | Issues: 0

Http-Asynchronous-Reverse-Shell

[POC] Asynchronous reverse shell using the HTTP protocol.

Language: C# | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Language: XSLT | Stargazers: 0 | Issues: 0 | Issues: 0

MAL-CL

MAL-CL (Malicious Command-Line)

License: AGPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

OSSEM-DD

OSSEM Data Dictionaries

Language: Python | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

sigma

Generic Signature Format for SIEM Systems

Language: Python | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

Sigma-Rules

Rules generated from our investigations.

License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0

trevorc2

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

Language: C | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

w32

A wrapper of Windows APIs for the Go programming language.

License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0