ssi0202's repositories
security_monitoring
collection of guidance and operational tools to build detection architecture
appcompatprocessor
"Evolving AppCompat/AmCache data analysis beyond grep"
awesome-threat-intelligence
A curated list of Awesome Threat Intelligence resources
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
docker-curator
Docker images for Elasticsearch Curator
DSInternals
DSInternals PowerShell Module and Framework
elasticintel
Serverless, low cost, threat intel aggregation for enterprise or personal use, backed by ElasticSearch.
HELK
The Hunting ELK
Logstash
Contains Logstash related content including tons of Logstash configurations
logstash-cisco-asa
Logstash config file that works with Logstash 5.2.2 and older versions; tested on Windows Server 2012
mimikatz
A little tool to play with Windows security
NOAH
PowerShell No Agent Hunting
PowerForensics
PowerForensics provides an all in one platform for live disk forensic analysis
powershell
PowerShell scripts
powershell-logging-guideline
Malware Archaeology PowerShell logging guideline
pwdumpstats
Script to output stats around weak passwords and password re-use from an NtdsAudit (pwdump) file
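The description above names the input format (a pwdump-style NtdsAudit export) and the two findings the script reports, password re-use and weak passwords. The block below is an added illustration of that analysis, not pwdumpstats' own code: it assumes the common pwdump line layout user:rid:lmhash:nthash:::, treats the sample lines as constructed test data, and uses only two well-known NT hash values (the empty password and "password") as its weak list; a real run would hash a wordlist as MD4 over the UTF-16LE password instead.

```python
"""Re-use, weak-password and LM-hash statistics over a pwdump-format file.

Added example (not the pwdumpstats project's code). Assumes the line
layout  user:rid:lmhash:nthash:::  that NtdsAudit's pwdump export uses.
"""
import re
from collections import defaultdict

# LM hash of an empty/absent LM password: anything else means an LM hash is
# actually stored, which makes the password trivially crackable offline.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"

# Well-known NT hashes (NT hash = MD4 over the UTF-16LE password). Only the
# empty-password value and NT("password") are included here; an analyst would
# extend this from a wordlist.
KNOWN_WEAK_NT = {
    "31d6cfe0d16ae931b73c59d7e0c089c0": "<empty>",
    "8846f7eaee8fb117ad06bdd830b7586c": "password",
}

PWDUMP_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::"
)

# Constructed sample: six accounts. alice/bob/dave share NT("password"),
# svc_backup has an empty password, erin still has an LM hash stored, and
# the comment line exercises the "skip malformed lines" path.
SAMPLE_PWDUMP = """\
# exported by NtdsAudit (constructed sample)
alice:1105:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
bob:1106:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
carol:1107:aad3b435b51404eeaad3b435b51404ee:2b2ac2d1c7c8fda6cea80b5fad7563aa:::
dave:1108:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
svc_backup:1109:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
erin:1110:e52cac67419a9a224a3b108f3fa6cb6d:c6a2d7f2e1e5b0cfd2dc1a9e3e96a0a8:::
"""


def parse_pwdump(text):
    """Yield (user, rid, lm, nt) for each well-formed pwdump line; skip the rest."""
    for line in text.splitlines():
        m = PWDUMP_RE.match(line.strip())
        if m:
            yield m["user"], int(m["rid"]), m["lm"].lower(), m["nt"].lower()


def pwdump_stats(text, weak_nt=KNOWN_WEAK_NT):
    """Return re-use, weak-password and LM-hash findings for a pwdump dump."""
    by_nt = defaultdict(list)   # nt hash -> accounts that have it
    lm_present = []
    for user, _rid, lm, nt in parse_pwdump(text):
        by_nt[nt].append(user)
        if lm != EMPTY_LM:
            lm_present.append(user)
    reused = {nt: sorted(users) for nt, users in by_nt.items() if len(users) > 1}
    weak = {user: weak_nt[nt]
            for nt, users in by_nt.items() if nt in weak_nt
            for user in users}
    return {
        "accounts": sum(len(u) for u in by_nt.values()),
        "unique_hashes": len(by_nt),
        "reused": reused,            # nt hash -> accounts sharing it
        "weak": weak,                # account -> matched weak password
        "lm_present": sorted(lm_present),
    }


if __name__ == "__main__":
    stats = pwdump_stats(SAMPLE_PWDUMP)
    print(f"{stats['accounts']} accounts, {stats['unique_hashes']} unique NT hashes")
    for nt, users in stats["reused"].items():
        print(f"re-used hash {nt}: {', '.join(users)}")
    for user, pw in stats["weak"].items():
        print(f"weak password for {user}: {pw}")
    print("LM hash still stored:", ", ".join(stats["lm_present"]) or "none")
```

Re-use is keyed on the NT hash rather than the cracked password, so it is reported even for hashes that never crack; that is usually the more actionable number, because one shared hash across several accounts means one compromised credential opens all of them.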
siem_logstash_v01
Logstash config file for SIEM use
sysmon-config
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
sysmon_cfg
Sysmon config file to collect data from servers; on client workstations this config is very noisy
ThreatHunter-Playbook
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
vector
A high-performance observability data pipeline.
VulnWhisperer
Create actionable data from your Vulnerability Scans