Defenders-Guide / TheDefendersGuide
The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson
☆145Updated last year
Related projects ⓘ
Alternatives and complementary repositories for TheDefendersGuide
- Active C&C Detector☆150Updated last year
- This repo is where I store my Threat Hunting ideas/content☆85Updated last year
- A repository to share publicly available Velociraptor detection content☆119Updated this week
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- Full of public notes and Utilities☆86Updated this week
- A collection of Powershell scripts that will help automate the build process for a Marvel domain.☆144Updated 8 months ago
- Notes on responding to security breaches relating to Azure AD☆96Updated 2 years ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆94Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆75Updated 6 months ago
- Pushes Sysmon Configs☆89Updated 3 years ago
- A list of RMMs designed to be used in automation to build alerts☆108Updated 3 weeks ago
- CarbonBlack EDR detection rules and response actions☆71Updated 2 months ago
- Active Directory Purple Team Playbook☆104Updated last year
- Repository of attack and defensive information for Business Email Compromise investigations☆230Updated 2 months ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆81Updated last month
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆86Updated 3 years ago
- Sigma rules to share with the community☆115Updated 2 months ago
- M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.☆112Updated this week
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆76Updated last week
- A python script developed to process Windows memory images based on triage type.☆258Updated 11 months ago
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.☆125Updated 2 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆109Updated 11 months ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 7 months ago
- A repository of my own Sigma detection rules.☆156Updated 2 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆68Updated last year
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆194Updated 2 years ago
- Repository of public reference frameworks for the DFIR community.☆109Updated last year
- Blue Team detection lab created with Terraform and Ansible in Azure.☆143Updated this week
- MAD ATT&CK Defender: ATT&CK Adversary Emulation Repository☆109Updated last year
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆79Updated 3 months ago