PwCUK-CTO / SANSCTISummit2021-xStartLinks
Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".
☆14Updated 3 years ago
Alternatives and similar repositories for SANSCTISummit2021-xStart
Users that are interested in SANSCTISummit2021-xStart are comparing it to the libraries listed below
Sorting:
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆45Updated 3 years ago
- Collection of walkthroughs on various threat hunting techniques☆75Updated 4 years ago
- ☆87Updated last year
- ☆34Updated 7 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆73Updated last year
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆114Updated last year
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- Collection of useful, up to date, Carbon Black Response Queries☆83Updated 4 years ago
- Recon Hunt Queries☆77Updated 4 years ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆27Updated last week
- Publicly shareable windows event log message data☆27Updated 5 years ago
- Repository with Sample threat hunting notebooks on Security Event Log Data Sources☆63Updated 2 years ago
- ☆77Updated 5 years ago
- My conference presentations☆66Updated last year
- Extract BITS jobs from QMGR queue and store them as CSV records☆75Updated 3 months ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆56Updated last month
- Sigma Detection Rule Repository☆88Updated 4 years ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆53Updated 2 years ago
- Library of threat hunts to get any user started!☆44Updated 4 years ago
- Hunt malware with Volatility☆47Updated last year
- Resources for SANS CTI Summit 2021 presentation☆103Updated last year
- Cloud Templates and scripts to deploy mordor environments☆129Updated 4 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆52Updated 4 years ago
- A community event for security researchers to share their favorite notebooks☆107Updated last year
- Python library for threat intelligence☆86Updated 4 months ago
- Random notes collected on the intertubes relating to DFIR☆34Updated last year
- Mapping your datasources and detections to the MITRE ATT&CK Navigator framework.☆58Updated 5 years ago
- ☆58Updated 3 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆20Updated 4 years ago
- Open source training materials for law-enforcement and organisations interested in DFIR.☆59Updated last week