biffalo / easy-wins-endpoint-defense
Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endpoints.
☆38 · Updated 7 months ago
Related projects
Alternatives and complementary repositories for easy-wins-endpoint-defense
- Project based on RegRipper, to extract additional value/pivot points from TLN events file ☆75 · Updated 2 weeks ago
- ☆48 · Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆75 · Updated 5 months ago
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform. ☆22 · Updated 2 months ago
- Conference presentations ☆46 · Updated last year
- A collection of various SIEM rules relating to malware family groups. ☆61 · Updated 4 months ago
- ☆19 · Updated last year
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations ☆78 · Updated 3 months ago
- ☆70 · Updated 2 weeks ago
- This repo is where I store my Threat Hunting ideas/content ☆85 · Updated last year
- M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry. ☆111 · Updated 6 months ago
- A repository to share publicly available Velociraptor detection content ☆119 · Updated this week
- Notes on responding to security breaches relating to Azure AD ☆96 · Updated 2 years ago
- ☆43 · Updated 3 weeks ago
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specifically designed to autom… ☆44 · Updated 7 months ago
- Full of public notes and Utilities ☆82 · Updated 2 months ago
- ☆52 · Updated last year
- Sigma detection rules for hunting with the threathunting-keywords project ☆47 · Updated last week
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆85 · Updated 3 years ago
- Pushes Sysmon Configs ☆89 · Updated 3 years ago
- Azure function to insert MISP data in to Azure Sentinel ☆30 · Updated 2 years ago
- A tool to display Windows Event logs as they happen. ☆12 · Updated last year
- Slides of my public talks ☆46 · Updated 10 months ago
- CarbonBlack EDR detection rules and response actions ☆71 · Updated last month
- Forensics scripts aimed at automating & enhancing the Forensics Legend Eric Zimmerman's techniques, integrating the statistical detection… ☆16 · Updated last year
- User Feedback Space of #MitreAssistant ☆37 · Updated last year
- ☆40 · Updated last year
- Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on ☆81 · Updated 6 months ago
- Remote access and Antivirus Logging Database ☆41 · Updated 6 months ago
- This project aims to bridge the gap between Microsoft Attack Surface Reduction (ASR) rules and MITRE ATT&CK by mapping ASR rules to their… ☆23 · Updated 2 months ago