Phill Moore's starred repositories
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
TotalRecall
This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
Incident-Response-Powershell
PowerShell Digital Forensics & Incident Response Scripts.
Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
LevelDBDumper
Dumps all of the Key/Value pairs from a LevelDB database
COATHANGER
IOCs and detection script for COATHANGER malware
TheThreatHuntLibrary
Library of threat hunts to get any user started!
Rapid7-Labs
Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence, research and analytics.
MSEntraIDProtectionGuidance
MS Entra ID Protection Guidance
Crowdstrike-Deploy
The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
velociraptor-timeline-creator
VTC - Velociraptor Timeline Creator
ocspcryptneturlcache
How to extract subject names from OCSP responses cached in Windows leveraging crt.sh
SQLite_Forensics
A series of python scripts to extract information from SQLite Data Files
yaradbg-container
A docker config file to run yaradbg in a container
okta-threat-hunting
Notebook from my "Guardians of Identity: OKTA’s Underworld" talk at Jupyterthon
wiskess_rust
WISKESS automates the Windows evidence processing for Incident Response investigations. Rust version.