nterl0k

Steven Dick's repositories

CEF-Syslog-Canary

A simple set of VBA scripts, AutoIT, and Powershell for Blue Team usage.

Language:AutoIt900

Security-CMPivots

Simple collection of threat hunting queries for SCCM CMPivot

700

Kerb-Canary

A powershell script to enumerate malformed Kerberos tickets(Gold/Silver/etc)

Language:PowerShell600

splunk_bonus_content

A collection of random Splunk content, mostly security or Enterprise Security focused

400

MITRE_SN_Tags

Import MITRE Tactics and Techniques as ServiceNow Security Tags

Language:PowerShell200

ArcSight-Sysmon-FlexConnector

Microfocus ArcSight FlexConnector for Microsoft Sysmon tool

MIT000

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language:CMIT000

attack_data

A repository of curated datasets from various attacks

Language:PythonApache-2.0000

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Language:JinjaApache-2.0000

DeepBlueCLI

GPL-3.0000

HIBP-Parser

PowerShell based parser for HaveIBeenPwned.com JSON reports

Language:PowerShell000

prisma-cloud-compute-splunk

Splunk app for ingesting Prisma Cloud Compute incidents and forensics

Language:PythonISC000

rba

000

security_content

Splunk Security Content

Language:PythonApache-2.0000

sigma

Generic Signature Format for SIEM Systems

Language:Python000

sof-elk

Configuration files for the SOF-ELK VM, used in SANS FOR572

GPL-3.0000

sysmon-modular

A repository of sysmon configuration modules

MIT000