LaresLLC / SysmonConfigPusher
Pushes Sysmon Configs
☆89Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for SysmonConfigPusher
- A PowerShell incident response script for quick triage☆75Updated 2 years ago
- ☆40Updated last year
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆79Updated 3 months ago
- Full of public notes and Utilities☆87Updated last week
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆109Updated 11 months ago
- ☆70Updated last month
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆81Updated last month
- A collection of Powershell scripts that will help automate the build process for a Marvel domain.☆144Updated 9 months ago
- PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …☆93Updated last year
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆100Updated 4 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆49Updated last year
- Powershell module for VMWare vSphere forensics☆141Updated 2 weeks ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆86Updated 3 years ago
- ☆85Updated 9 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆68Updated last year
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp…☆38Updated 7 months ago
- My conference presentations☆66Updated last year
- A repository to share publicly available Velociraptor detection content☆119Updated last week
- ☆49Updated last year
- Useful access control entries (ACE) on system access control list (SACL) of securable objects to find potential adversarial activity☆88Updated 2 years ago
- Notes on responding to security breaches relating to Azure AD☆96Updated 2 years ago
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆36Updated 2 years ago
- A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments☆64Updated 2 years ago
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.☆82Updated last year
- Monitor your PingCastle scans to highlight the rule diff between two scans☆108Updated 3 months ago
- PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.☆60Updated 7 months ago
- Active Directory Purple Team Playbook☆104Updated last year
- Community Tasks/Plans for PlumHound Queueing☆23Updated last year
- The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson☆145Updated last year