svch0stz

TheThreatHuntLibrary

Library of threat hunts to get any user started!

velociraptor-detections

grab_beacon_config

CobaltStrikeParser

Abused-Legitimate-Services

Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups

AllthingsTimesketch

commons

A Collection of Python Utilities and Libraries I have developed to achieve common tasks which I use.

HELK

The Hunting ELK

mordor

Re-play Adversarial Techniques

Azure

Azure AD Scripts

Beta

Beta versions of my software

CVE-2022-22947

poc for CVE-2022-22947

detection

Detection in the form of Yara, Snort and ClamAV signatures.

DetectRaptor

A repository to share publicly available Velociraptor detection content

go-recyclebin

Go parser for $I files in $Recycle.bin

Grafiki

Threat Hunting tool about Sysmon and graphs

KapeFiles

This repository serves as a place for community created Targets and Modules for use with KAPE.

lateral_movement_graph

plaso_filters

Scripts to facilitate filtering with Plaso

RECmd

Command line access to the Registry

sigma

Generic Signature Format for SIEM Systems

signature-base

Signature base for my scanner tools

SQLiteHunter

Hunt for SQLite files used by various applications

sysmon-config

Sysmon configuration file template with default high-quality event tracing

ThreatIngestor

Extract and aggregate threat intelligence.

velociraptor

Digging Deeper....

velociraptor-docs

Documentation site for Velociraptor

velociraptor-to-timesketch

VM-Packages

Zircolite

A standalone SIGMA-based detection tool for EVTX.