Defenders-Guide / TheDefendersGuide
The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson
☆144Updated last year
Related projects ⓘ
Alternatives and complementary repositories for TheDefendersGuide
- Active C&C Detector☆149Updated last year
- A repository to share publicly available Velociraptor detection content☆119Updated this week
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆85Updated 3 years ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆81Updated last month
- Notes on responding to security breaches relating to Azure AD☆96Updated 2 years ago
- MDE relies on some of the Audit settings to be enabled☆96Updated 2 years ago
- This repo is where I store my Threat Hunting ideas/content☆85Updated last year
- Repository of attack and defensive information for Business Email Compromise investigations☆228Updated 2 months ago
- Full of public notes and Utilities☆82Updated 2 months ago
- Active Directory Purple Team Playbook☆104Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 5 months ago
- Pushes Sysmon Configs☆89Updated 3 years ago
- A list of RMMs designed to be used in automation to build alerts☆108Updated last week
- A collection of Powershell scripts that will help automate the build process for a Marvel domain.☆144Updated 8 months ago
- MAD ATT&CK Defender: ATT&CK Adversary Emulation Repository☆108Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆75Updated 2 weeks ago
- M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.☆111Updated 6 months ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆94Updated last year
- A repository of my own Sigma detection rules.☆156Updated 2 months ago
- Sigma rules to share with the community☆115Updated last month
- CarbonBlack EDR detection rules and response actions☆71Updated last month
- The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory C…☆213Updated 11 months ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆194Updated 2 years ago
- Blue Team detection lab created with Terraform and Ansible in Azure.☆142Updated last year
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…☆72Updated this week
- Harness the power of Splunk for your investigations☆76Updated last week
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.☆124Updated 2 years ago
- ☆75Updated last week
- A python script developed to process Windows memory images based on triage type.☆258Updated 11 months ago