iknowjason / BlueCloud
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
☆133Updated 2 years ago
Alternatives and similar repositories for BlueCloud:
Users that are interested in BlueCloud are comparing it to the libraries listed below
- This repo is where I store my Threat Hunting ideas/content☆87Updated last year
- Notes on responding to security breaches relating to Azure AD☆110Updated 3 years ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆77Updated 11 months ago
- Active Directory Purple Team Playbook☆108Updated last year
- Full of public notes and Utilities☆98Updated 2 months ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆114Updated last year
- Conference presentations☆47Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆88Updated last year
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- ☆47Updated last week
- ☆72Updated 6 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆37Updated last month
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆201Updated 4 years ago
- Repository of attack and defensive information for Business Email Compromise investigations☆250Updated 2 months ago
- Some Threat Hunting queries useful for blue teamers☆125Updated 2 years ago
- ☆93Updated 2 years ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆90Updated 4 years ago
- Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques t…☆118Updated last month
- This directory features proven systems that demonstrate value to your threat-informed efforts using metrics.☆111Updated 5 months ago
- A collection of various SIEM rules relating to malware family groups.☆66Updated 10 months ago
- Identify Azure blobs using a wordlist of account name and container name strings☆40Updated last month
- A collection of Powershell scripts that will help automate the build process for a Marvel domain.☆145Updated last year
- Repository of public reference frameworks for the DFIR community.☆116Updated last year
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques☆132Updated last year
- Open Threat Hunting Framework☆114Updated last year
- Supporting materials for my "Intelligence-Led Adversarial Threat Modelling with VECTR" workshop☆67Updated last week
- Blue Team detection lab created with Terraform and Ansible in Azure.☆153Updated 5 months ago
- A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments☆65Updated 3 years ago
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs☆53Updated last year
- A preconfigured Velociraptor triage collector☆51Updated this week