StevenD33 / Lab-DFIR-SOC
☆62Updated 3 years ago
Related projects: ⓘ
- Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation☆104Updated 2 years ago
- IOC Collection 2022☆55Updated last year
- This repo is where I store my Threat Hunting ideas/content☆85Updated last year
- Blueteam operational triage registry hunting/forensic tool.☆142Updated last year
- ☆25Updated 3 years ago
- Veil-PowerView is a powershell tool to gain network situational awareness on Windows domains.☆47Updated 9 years ago
- Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].☆144Updated last year
- ☆84Updated 7 months ago
- A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments☆64Updated 2 years ago
- PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …☆92Updated 10 months ago
- Placeholder for my detection repo and misc detection engineering content☆43Updated 10 months ago
- ☆59Updated 3 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆162Updated last year
- Simple PowerShell script to enable process scanning with Yara.☆86Updated last year
- Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups☆57Updated last year
- Resources from the Security Presentation☆11Updated 10 months ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆72Updated 2 years ago
- ☆153Updated 9 months ago
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆29Updated 2 years ago
- Library of threat hunts to get any user started!☆40Updated 4 years ago
- Further investigation in to APT campaigns disclosed by private security firms and security agencies☆76Updated 2 years ago
- Picus Labs☆42Updated 3 years ago
- Active Directory Purple Team Playbook☆103Updated last year
- Active C2 IoCs☆96Updated last year
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…☆69Updated this week
- Random notes collected on the intertubes relating to DFIR☆32Updated last year
- yara detection rules for hunting with the threathunting-keywords project☆75Updated last week
- Simple Script to Help You Find All Files Has Been Modified, Accessed, and Created In A Range Time.☆27Updated last year
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆62Updated 2 years ago
- See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)☆102Updated last year