Defenders-Guide / TheDefendersGuide
The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson
☆150Updated last year
Alternatives and similar repositories for TheDefendersGuide:
Users that are interested in TheDefendersGuide are comparing it to the libraries listed below
- Full of public notes and Utilities☆98Updated 2 weeks ago
- Active C&C Detector☆152Updated last year
- Notes on responding to security breaches relating to Azure AD☆101Updated 2 years ago
- Pushes Sysmon Configs☆89Updated 3 years ago
- A repository to share publicly available Velociraptor detection content☆126Updated this week
- This repo is where I store my Threat Hunting ideas/content☆87Updated last year
- Repository of attack and defensive information for Business Email Compromise investigations☆246Updated last month
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆90Updated last week
- Active Directory Purple Team Playbook☆105Updated last year
- Sigma rules to share with the community☆118Updated last month
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆88Updated 4 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆112Updated last year
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- A list of RMMs designed to be used in automation to build alerts☆108Updated this week
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆94Updated last year
- A collection of Powershell scripts that will help automate the build process for a Marvel domain.☆144Updated last year
- A PowerShell incident response script for quick triage☆79Updated 2 years ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆76Updated 9 months ago
- The LOLBins CTI-Driven (Living-Off-the-Land Binaries Cyber Threat Intelligence Driven) is a project that aims to help cyber defenders und…☆118Updated 10 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆84Updated 3 weeks ago
- Blue Team detection lab created with Terraform and Ansible in Azure.☆145Updated 3 months ago
- PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …☆93Updated last year
- Slides of my public talks☆54Updated last year
- MAD ATT&CK Defender: ATT&CK Adversary Emulation Repository☆112Updated last year
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆151Updated 3 years ago
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 10 months ago
- ☆81Updated 3 weeks ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆52Updated last year
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆200Updated 2 years ago
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.☆128Updated 2 years ago