Secureworks

dcept

A tool for deploying and detecting use of Active Directory honeytokens

dalton

Suricata and Snort IDS rule and pcap testing system

squarephish

flowsynth

a network packet capture compiler

family-of-client-ids-research

Research into Undocumented Behavior of Azure AD Refresh Tokens

TokenMan

chaosbernie

Azure as an external process source for psDoom-ng

whiskeysamlandfriends

GoldenSAML Attack Libraries and Framework

aristotle

BAADTokenBroker

atomic-harness

A tool to run and validate telemetry for Atomic Red Team tests

taegis-sdk-python

primary-refresh-token-viewer

PTAAgentDump

infosec-jupyterthon-2022-ipython-magics

taegis-threat-hunting-tutorials

Threat Hunting with Jupyter Notebooks on Taegis

log4j-analysis

taegis-magic

Taegis Magic is a Jupyter Notebook and Command Line Interface for interacting with the Secureworks Taegis™ security platform. The Magics project is intended to assist users with workflows and analysis through Jupyter Notebook integrations and Pandas DataFrames.

moonshine

taegis-sdk-go

Cloudy-Loot

Cloudy Loot is a tool to look for cloud tools, configuration files, keys, and secrets.

logger

A unified logging interface for Golang that supports multiple libraries.

atomic-validation-criteria

responder_ginx

telemetry-tool-example

ukraine-crisis

Yara-Elixir

Proof-of-concept NIF implementation of Yara from Elixir.

azure_auth

errors

A golang errors package

goartrun