Nasreddine Bencherchali's repositories
SIGMA-Resources
Resources To Learn And Understand SIGMA Rules
Awesome-Detection-Engineering
Resources and Discussions About Detection Engineering
awesome-event-ids
Collection of Event ID resources useful for Digital Forensics and Incident Response
DFIRPowerShellScripts
Various PowerShell scripts I've made to automate some of the boring stuff in my everyday DFIR journey!
LawEnforcementResources
Resources provided by the community that can be useful for law enforcement worldwide
EDR-Telemetry
This project aims to compare and evaluate the telemetry of various EDR products.
VanillaWindowsReference
A repo that contains recursive dir listings of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
artifacts
Digital Forensics Artifact Repository
aurora-agent-manual
Aurora Agent User Manual
component-object-model-sample
Sample code for Component Object Model (COM) setup and registration.
conference_talks
Slides from various conference talks
cookiecutter-pySigma-backend
pySigma Cookiecutter backend template
evtx-baseline
A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
HijackLibs
Project for tracking publicly disclosed DLL Hijacking opportunities.
LocalPotato
PoC for CVE-2023-21746
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
munin
Online hash checker for VirusTotal and other services
NimPlant
A light-weight first-stage C2 implant written in Nim.
nt5src
Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.
OSSEM-DD
OSSEM Data Dictionaries
panopticon
A YARA Rule Performance Measurement Tool
PersistenceSniper
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistence mechanisms implanted in Windows machines. Made with ❤️ by @last0x00
ProcMonXv2
Process Monitor X v2
Sigma-Rules
Rules generated from our investigations.
signature-base
Signature base for my scanner tools
VISION-ProcMon
A Process Monitor visualization application written in Rust.