biffalo / easy-wins-endpoint-defenseLinks
Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endpoints.
☆38Updated last year
Alternatives and similar repositories for easy-wins-endpoint-defense
Users that are interested in easy-wins-endpoint-defense are comparing it to the libraries listed below
Sorting:
- A preconfigured Velociraptor triage collector☆52Updated last week
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆24Updated last week
- A collection of various SIEM rules relating to malware family groups.☆66Updated 11 months ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆88Updated 10 months ago
- ☆72Updated 7 months ago
- ☆21Updated 2 years ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their…☆26Updated 6 months ago
- Full of public notes and Utilities☆113Updated 3 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆85Updated 3 months ago
- Velociraptor Server hosted in Azure App Service☆54Updated this week
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on☆82Updated last year
- Conference presentations☆47Updated last year
- ☆62Updated last year
- ☆47Updated last month
- Baseline a Windows System against LOLBAS☆27Updated last year
- CarbonBlack EDR detection rules and response actions☆71Updated 8 months ago
- Azure function to insert MISP data in to Azure Sentinel☆32Updated 2 years ago
- Hunting Queries for Defender ATP☆82Updated last month
- ☆41Updated 2 years ago
- ASR Configurator, Essentials and Atomic Testing☆42Updated last month
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…☆47Updated last year
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆106Updated 5 months ago
- Slides of my public talks☆55Updated last year
- Pushes Sysmon Configs☆88Updated 3 years ago
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.☆28Updated this week
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆90Updated 4 years ago
- ESXi Cyber Security Incident Response Script☆22Updated 9 months ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet☆12Updated 3 months ago
- Notes on responding to security breaches relating to Azure AD☆111Updated 3 years ago
- Sigma detection rules for hunting with the threathunting-keywords project☆55Updated 3 months ago