rc-MikeDevens's starred repositories
VanillaWindowsReference
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
ForgeArmory
ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).
ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
EVTX-ETW-Resources
Event Tracing For Windows (ETW) Resources
TheDefendersGuide
The GitHub project for The Defender's Guide by Luke Paine and Jonathan Johnson
IATelligence
IATelligence is a Python script that extracts the IAT of a PE file and asks GPT for more information about each imported API and the related ATT&CK techniques
Cobalt-Strike-CheatSheet
Some notes and examples for Cobalt Strike's functionality
AzureSentinelKQLScripts
Various tools used to monitor and troubleshoot Azure Sentinel data
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
PersistenceSniper
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt for persistence mechanisms implanted on Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
MSRPC-to-ATTACK
A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
Sentinel-Queries
Collection of KQL queries