Phill Moore's starred repositories
velociraptor-timeline-creator
VTC - Velociraptor Timeline Creator
Rapid7-Labs
Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence, research and analytics.
LevelDBDumper
Dumps all of the Key/Value pairs from a LevelDB database
MSEntraIDProtectionGuidance
MS Entra ID Protection Guidance
Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
TheThreatHuntLibrary
Library of threat hunts to get any user started!
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
ocspcryptneturlcache
How to extract subject names from OCSP responses cached in Windows leveraging crt.sh
wiskess_rust
WISKESS automates the Windows evidence processing for Incident Response investigations. Rust version.
yaradbg-container
A docker config file to run yaradbg in a container
COATHANGER
IOCs and detection script for COATHANGER malware
okta-threat-hunting
Notebook from my "Guardians of Identity: OKTA’s Underworld" talk at Jupyterthon
Incident-Response-Powershell
PowerShell Digital Forensics & Incident Response Scripts.
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
dtPyAppFramework
Welcome to dtPyAppFramework. A Python library for common features in application development.
citrix-logchecker
Parse Citrix NetScaler logs to check for signs of CVE-2023-4966 exploitation
DriveFS-Sleuth
DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts. The tool has been developed based on research performed by mounting different scenarios and noting down the changes in the Google Drive File Stream disk artifacts.